SAML FIX

ReleaseNotes.txt

@@ -32,8 +32,9 @@
 	*(MAXKEY-200831)  MySQL时间问题，参见https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html
 	*(MAXKEY-200832)  OAuth2 Password模式修复
 	*(MAXKEY-200833)  MGT管理SAML上传问题、IDP元数据链接优化、主键生成修复、元数据参数配置调整
-	*(MAXKEY-200834)  MGT管理TOKENBASED令牌主键生成修复
-	*(MAXKEY-200835)  依赖jar升级
+	*(MAXKEY-200834)  SAML 2添加多种NameId的支持，支持后缀的配置，NameId支持大小写转换
+	*(MAXKEY-200835)  MGT管理TOKENBASED令牌主键生成修复
+	*(MAXKEY-200836)  依赖jar升级
 						tomcat 9.0.38
 						passay 1.6.0
 						springBootVersion  2.3.4.RELEASE

maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java

@@ -93,6 +93,9 @@ public class AppsSAML20Details extends Apps {
      */
     @Column
     private int nameIdConvert;
+    
+    @Column
+    private String nameIdSuffix;
 
     public static final class BindingType {
         public static final  String Redirect_Post = "Redirect-Post";
@@ -326,6 +329,14 @@ public class AppsSAML20Details extends Apps {
     public void setDigestMethod(String digestMethod) {
         this.digestMethod = digestMethod;
     }
+    
+    public String getNameIdSuffix() {
+        return nameIdSuffix;
+    }
+
+    public void setNameIdSuffix(String nameIdSuffix) {
+        this.nameIdSuffix = nameIdSuffix;
+    }
 
     @Override
     public String toString() {

maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java

@@ -85,6 +85,7 @@ public class AssertionGenerator {
 		Assertion assertion = new AssertionBuilder().buildObject();;
 		//Subject
 		Subject subject = subjectGenerator.generateSubject(
+		                saml20Details,
 						assertionConsumerURL,
 						inResponseTo,
 						validInSeconds);

maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java

@@ -19,7 +19,10 @@
 package org.maxkey.authz.saml20.provider.xml;
 
 
+import org.apache.commons.lang3.StringUtils;
 import org.maxkey.authz.saml.service.TimeService;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.web.WebContext;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDType;
@@ -41,12 +44,54 @@ public class SubjectGenerator {
 		this.timeService = timeService;
 	}
 
-	public Subject generateSubject( 
+	public Subject generateSubject( AppsSAML20Details saml20Details,
 							String assertionConsumerURL, 
 							String inResponseTo, 
 							int validInSeconds) {
+		UserInfo userInfo = WebContext.getUserInfo();
+		String nameIdValue = userInfo.getUsername();
+		if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
+		    
+		}else if(saml20Details.getNameidFormat().equalsIgnoreCase("transient")) {
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("unspecified")) {
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("emailAddress")) {
+            if(userInfo.getEmail()!=null && !userInfo.getEmail().equals("")) {
+                nameIdValue = userInfo.getEmail();
+            }
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("X509SubjectName")) {
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("WindowsDomainQualifiedName")) {
+            if(userInfo.getWindowsAccount()!=null && !userInfo.getWindowsAccount().equals("")) {
+                nameIdValue = userInfo.getWindowsAccount();
+            }
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("entity")) {
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("custom")) {
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("Mobile")) {
+            if(userInfo.getMobile()!=null && !userInfo.getMobile().equals("")) {
+                nameIdValue = userInfo.getMobile();
+            }
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("EmployeeNumber")) {
+            if(userInfo.getEmployeeNumber()!=null && !userInfo.getEmployeeNumber().equals("")) {
+                nameIdValue = userInfo.getEmployeeNumber();
+            }
+        }
+		
+		if(!StringUtils.isEmpty(saml20Details.getNameIdSuffix())) {
+		    nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
+		}
+		
+		if(saml20Details.getNameIdConvert()==0) {
+		    
+		}else if(saml20Details.getNameIdConvert()==1) {
+		    nameIdValue = nameIdValue.toUpperCase();
+        }else if(saml20Details.getNameIdConvert()==1) {
+            nameIdValue = nameIdValue.toLowerCase();
+        }
 		
-		String nameIdValue =WebContext.getUserInfo().getUsername();
 		NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
 		Subject subject =builderSubject(nameID);