Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate IdentityKeyStoreResolver #160

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Integrate IdentityKeyStoreResolver #160

wants to merge 4 commits into from

Conversation

Binara-Sachin
Copy link

Purpose

  • This PR integrates the IdentityKeyStoreResolver class into the WS-Federation and WS-Trust flows.
  • This will allow users to define custom key stores for each authentication flow.

Important

@CLAassistant
Copy link

CLAassistant commented Jul 25, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@Binara-Sachin Binara-Sachin marked this pull request as ready for review July 30, 2024 04:39
@ZiyamSanthosh
Copy link

Unit tests have failed. Please check if it is due to these changes and address them.

pamodaaw
pamodaaw reviewed Oct 23, 2024
View reviewed changes
pom.xml Outdated Show resolved Hide resolved
@Binara-Sachin Binara-Sachin mentioned this pull request Oct 24, 2024
Open
@Binara-Sachin
Copy link
Author

Created the doc PR

pamodaaw
pamodaaw previously approved these changes Oct 31, 2024
View reviewed changes
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/11607184325

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/11607184325
Status: failure

@pamodaaw
Copy link
Contributor

@Binara-Sachin
Following integration tests are failing in the PR builder.

ERROR] Failures: 
 [ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2Assertion(org.wso2.identity.integration.test.sts.TestPassiveSTS)
 [INFO] Run 1: PASS
 [ERROR] Run 2: TestPassiveSTS.testPassiveSAML2Assertion:277 No SAML2 Assertion found for the SAML2 request for tenant domain: wso2.com expected:<true> but was:<false>
 [INFO] 
 [ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply(org.wso2.identity.integration.test.sts.TestPassiveSTS)
 [INFO] Run 1: PASS
 [ERROR] Run 2: TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply:300 No SAML2 Assertion found for the SAML2 request without WReply in passive-sts request for tenant domain: wso2.com expected:<true> but was:<false>
 [

Please check locally.

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/11609560515

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/11609560515
Status: failure

@Binara-Sachin
Copy link
Author

@Binara-Sachin Following integration tests are failing in the PR builder.
Please check locally.

Fixed in 48b481e

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/11657970218

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/11657970218
Status: success

jenkins-is-staging
jenkins-is-staging approved these changes Nov 4, 2024
View reviewed changes
Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/11657970218

pamodaaw
pamodaaw reviewed Nov 4, 2024
View reviewed changes
...s.passive/src/main/java/org/wso2/carbon/identity/sts/passive/utils/RequestProcessorUtil.java Outdated
// If keystore is not located in file system, (tenant keystore)
// keyStoreName = keystore name, keyStoreFileLocation = "" or any path
if (MultitenantConstants.SUPER_TENANT_ID != tenantId && keyStoreFileLocation.equals(keyStoreName)) {
keyStoreFileLocation = "";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why exactly do we need to set an empty value here? How was this handled with the previous implementation?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Explained in the comment here (https://github.com/wso2-extensions/identity-inbound-auth-sts/pull/160/files/48b481e291091c1a292e6260d2e31891a8ae706c#diff-fa2ec612e95f800d6407cafffc914c60e6d403d0b2942a7dc98476f2cf666173R221-R225)

  • keyStoreName should only be populated if this is a tenant keystore.
  • Otherwise, we should make keyStoreName empty and set the correct location.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we move this logic to the getEncryptionProperties()? And populate the properties based on the tenant.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made the changes 32f5992

@hwupathum
Copy link
Contributor

Does this support PKCS12 type keystores?

hwupathum
hwupathum previously approved these changes Nov 6, 2024
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ImalshaG ImalshaG ImalshaG left review comments

@pamodaaw pamodaaw pamodaaw left review comments

@jenkins-is-staging jenkins-is-staging jenkins-is-staging approved these changes

@hwupathum hwupathum hwupathum left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@Binara-Sachin @CLAassistant @ZiyamSanthosh @jenkins-is-staging @pamodaaw @hwupathum @ImalshaG