Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate IdentityKeyStoreResolver #160

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

Binara-Sachin
Copy link

Purpose

  • This PR integrates the IdentityKeyStoreResolver class into the WS-Federation and WS-Trust flows.
  • This will allow users to define custom key stores for each authentication flow.

Important


@CLAassistant
Copy link

CLAassistant commented Jul 25, 2024

CLA assistant check
All committers have signed the CLA.

@Binara-Sachin Binara-Sachin marked this pull request as ready for review July 30, 2024 04:39
@ZiyamSanthosh
Copy link

Unit tests have failed. Please check if it is due to these changes and address them.

pom.xml Outdated Show resolved Hide resolved
@Binara-Sachin
Copy link
Author

pamodaaw
pamodaaw previously approved these changes Oct 31, 2024
@jenkins-is-staging
Copy link

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/11607184325
Status: failure

@pamodaaw
Copy link
Contributor

@Binara-Sachin
Following integration tests are failing in the PR builder.

ERROR] Failures: 
 [ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2Assertion(org.wso2.identity.integration.test.sts.TestPassiveSTS)
 [INFO] Run 1: PASS
 [ERROR] Run 2: TestPassiveSTS.testPassiveSAML2Assertion:277 No SAML2 Assertion found for the SAML2 request for tenant domain: wso2.com expected:<true> but was:<false>
 [INFO] 
 [ERROR] org.wso2.identity.integration.test.sts.TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply(org.wso2.identity.integration.test.sts.TestPassiveSTS)
 [INFO] Run 1: PASS
 [ERROR] Run 2: TestPassiveSTS.testPassiveSAML2AssertionWithoutWReply:300 No SAML2 Assertion found for the SAML2 request without WReply in passive-sts request for tenant domain: wso2.com expected:<true> but was:<false>
 [

Please check locally.

@jenkins-is-staging
Copy link

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/11609560515
Status: failure

@Binara-Sachin
Copy link
Author

@Binara-Sachin Following integration tests are failing in the PR builder.
Please check locally.

Fixed in 48b481e

@jenkins-is-staging
Copy link

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/11657970218
Status: success

Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/11657970218

// If keystore is not located in file system, (tenant keystore)
// keyStoreName = keystore name, keyStoreFileLocation = "" or any path
if (MultitenantConstants.SUPER_TENANT_ID != tenantId && keyStoreFileLocation.equals(keyStoreName)) {
keyStoreFileLocation = "";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why exactly do we need to set an empty value here? How was this handled with the previous implementation?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Explained in the comment here (https://github.com/wso2-extensions/identity-inbound-auth-sts/pull/160/files/48b481e291091c1a292e6260d2e31891a8ae706c#diff-fa2ec612e95f800d6407cafffc914c60e6d403d0b2942a7dc98476f2cf666173R221-R225)

  • keyStoreName should only be populated if this is a tenant keystore.
  • Otherwise, we should make keyStoreName empty and set the correct location.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we move this logic to the getEncryptionProperties()? And populate the properties based on the tenant.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made the changes 32f5992

@hwupathum
Copy link
Contributor

Does this support PKCS12 type keystores?

hwupathum
hwupathum previously approved these changes Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants