
ESGF_Attribute_Service_Examples


ESGF Attribute Service Examples

Example Spring configuration file for the demo Attribute Service

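<?xml version="1.0" encoding="UTF-8"?>

<!-- Application-specific Spring configuration file for the demo ESGF Attribute Service.
     It wires the SOAP controller, the SAML service implementation, an attribute factory backed by a
     local XML user file, an example certificate white list and a test controller. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">

        <!-- ESG SAML-based Attribute Service stack (with example white list).
             The whiteListCertificateProvider property is commented out in this demo, so the "whiteList"
             bean defined below is never injected into the controller and the controller runs with its
             built-in default for caller checks (confirm that default in SAMLAttributeServiceSoapController
             before reusing this file outside a demo). Uncommenting the property presumably restricts
             callers to the certificate subjects listed in the white list. -->
        <bean name="attributeServiceController" class="esg.security.attr.web.SAMLAttributeServiceSoapController">
                <!-- <property name="whiteListCertificateProvider" ref="whiteList"/> -->
        </bean>
        <!-- SAML attribute service implementation (SOAP binding) -->
        <bean name="samlAttributeService" class="esg.security.attr.service.impl.SAMLAttributeServiceSoapImpl" />

        <!-- Example implementation that looks up user attributes in a local XML file.
             Constructor arguments: the issuer name (it appears as the SAML Issuer, "ESGF Attribute Service",
             in the example response on this page) and the location of the users file (see ESGFusers.xml on
             this page; whether the path is resolved against the classpath or the file system is decided by
             the implementation, not by this file). -->
        <bean id="samlAttributeFactory" class="esg.security.attr.service.impl.SAMLAttributeFactoryLocalXmlImpl">
                <constructor-arg index="0" value="ESGF Attribute Service"/>
                <constructor-arg index="1" value="esg/security/config/ESGFusers.xml"/>
        </bean>

        <!-- Example white list: one entry per allowed client certificate subject DN -->
        <bean name="whiteList" class="esg.security.common.WhiteListCertificateProvider">
                <constructor-arg index="0">
                        <list>
                                <value>CN=https://esg-gateway.jpl.nasa.gov/myopenid/rootAdmin, OU=jpl-esg.jpl.nasa.gov, OU=ESG-JPL, O=ESG</value>
                        </list>
                </constructor-arg>
        </bean>

        <!-- Test controller (esg.security.webclient package; demo use only) -->
        <bean name="testController" class="esg.security.webclient.TestController" />

</beans>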

Example SAML Request

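<?xml version="1.0" encoding="UTF-8"?>
<!-- SAML 2.0 AttributeQuery wrapped in a SOAP 1.1 envelope. No ds:Signature is present in this example,
     so any caller authentication has to come from the transport layer (cf. the certificate white list
     in the Spring configuration on this page). -->
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
   <soap11:Body>
      <!-- ID is echoed back in the InResponseTo attribute of the response -->
      <samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="9b0061a4-7102-4e21-8748-5a993b95548e"
                            IssueInstant="2009-08-05T19:20:09.089Z" Version="2.0">
         <!-- Format is the SAML 1.1 X509SubjectName URN; URNs are case-sensitive, the lowercase "x509" spelling
              is not the specification value and differs from what the example response uses. -->
         <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
               Test SAML Client</saml:Issuer>
         <!-- Subject is the user's OpenID URL, i.e. the openid attribute of a <user> entry in ESGFusers.xml -->
         <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml:NameID Format="urn:esg:openid">https://localhost:8443/esgf-idp/openid/testUser</saml:NameID>
         </saml:Subject>
         <!-- Requested attributes. Per SAML 2.0 an AttributeQuery without any Attribute element asks for all
              attributes the service holds for the subject; remove the elements below to do that. -->
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="FirstName"
                         Name="urn:esg:first:name" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="LastName"
                         Name="urn:esg:last:name" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EmailAddress"
                         Name="urn:esg:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <!-- Per-project access level attributes (string valued) -->
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="CMIP5" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="NASA OBS" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                         Name="Test Attribute" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <!-- Two GroupRole attribute names are requested; only urn:esg:group:role is answered in the example response -->
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole"
                         Name="urn:esgf:test:grouprole" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
         <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole"
                         Name="urn:esg:group:role" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
      </samlp:AttributeQuery>
   </soap11:Body>
</soap11:Envelope>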

Example SAML Response

<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
   <soap11:Body>
      <!-- Response to the example AttributeQuery on this page: InResponseTo echoes the query ID.
           This example carries no ds:Signature, so its integrity and origin cannot be checked from the
           message alone; a consumer should verify InResponseTo, Issuer and the Conditions window and
           rely on an authenticated transport (or on a signed assertion in a production deployment). -->
      <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="fce726ae-7f1d-4d7e-8de5-f8f079e3a022" 
                       InResponseTo="9b0061a4-7102-4e21-8748-5a993b95548e" IssueInstant="2011-06-08T22:24:40.045Z" Version="2.0">
         <!-- Issuer text is the first constructor argument of the samlAttributeFactory bean -->
         <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
                ESGF Attribute Service</saml2:Issuer>
         <saml2p:Status>
            <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
         </saml2p:Status>
         <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="3c79552d-e5a4-4361-8725-7d144c97b569" 
                          IssueInstant="2011-06-08T22:24:40.045Z" Version="2.0">
            <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">ESGF Attribute Service</saml2:Issuer>
            <!-- Subject is the OpenID URL that was queried (the localhost testUser entry of ESGFusers.xml) -->
            <saml2:Subject>
               <saml2:NameID Format="urn:esg:openid">https://localhost:8443/esgf-idp/openid/testUser</saml2:NameID>
            </saml2:Subject>
            <!-- Validity window: 24 hours from IssueInstant. Relying parties must reject the assertion outside it. -->
            <saml2:Conditions NotBefore="2011-06-08T22:24:40.045Z" NotOnOrAfter="2011-06-09T22:24:40.045Z"/>
            <saml2:AttributeStatement>
               <!-- Name attributes: first_name, last_name and email of the <user> entry, typed xs:string -->
               <saml2:Attribute FriendlyName="FirstName" Name="urn:esg:first:name" NameFormat="http://www.w3.org/2001/XMLSchema#string">
                  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">test</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute FriendlyName="LastName" Name="urn:esg:last:name" NameFormat="http://www.w3.org/2001/XMLSchema#string">
                  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute FriendlyName="EmailAddress" Name="urn:esg:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string">
                  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">test@user</saml2:AttributeValue>
               </saml2:Attribute>
               <!-- Per-project access level attributes, one per <attribute> element of the user entry -->
               <saml2:Attribute Name="CMIP5" NameFormat="http://www.w3.org/2001/XMLSchema#string">
                  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="NASA OBS" NameFormat="http://www.w3.org/2001/XMLSchema#string">
                  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute Name="Test Attribute" NameFormat="http://www.w3.org/2001/XMLSchema#string">
                  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" 
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml2:AttributeValue>
               </saml2:Attribute>
               <!-- Group/role memberships, one per <grouprole> element of the user entry. These use the ESGF-specific
                    NameFormat "groupRole" and a structured esg:groupRole value rather than a plain string, so a
                    generic SAML consumer needs ESGF-aware handling to read them. -->
               <saml2:Attribute FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole">
                  <saml2:AttributeValue>
                     <esg:groupRole xmlns:esg="http://www.esg.org" group="CMIP5 Commercial" role="default"/>
                  </saml2:AttributeValue>
               </saml2:Attribute>
               <saml2:Attribute FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole">
                  <saml2:AttributeValue>
                     <esg:groupRole xmlns:esg="http://www.esg.org" group="CMIP5 Research" role="default"/>
                  </saml2:AttributeValue>
               </saml2:Attribute>
            </saml2:AttributeStatement>
         </saml2:Assertion>
      </saml2p:Response>
   </soap11:Body>
</soap11:Envelope>

File ESGFusers.xml, used as the demo user store

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- Demo user store read by SAMLAttributeFactoryLocalXmlImpl (second constructor argument of the
     samlAttributeFactory bean in the Spring configuration on this page).
     Each <user> is keyed by its openid attribute, the value sent as the SAML NameID in an AttributeQuery,
     and carries first_name, last_name and email plus any number of:
       <attribute attribute_type=".." attribute_value=".."/>   a plain string attribute (per-project access level)
       <grouprole attribute_type=".." group=".." role=".."/>    a group/role membership, returned as an esg:groupRole value
     Whoever can edit this file controls the attributes the service asserts, so it deserves the same
     protection as any authorization database. The declared encoding must match the file's actual bytes
     (this content is plain ASCII). -->
<users>

        <!-- esg-datanode.jpl.nasa.gov users -->
        <user openid="https://esg-datanode.jpl.nasa.gov/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
                <attribute attribute_type="CMIP5" attribute_value="User"/>
                <attribute attribute_type="NASA OBS" attribute_value="User"/>
                <attribute attribute_type="Test Attribute" attribute_value="User"/>
        </user>
        <user openid="https://esg-datanode.jpl.nasa.gov/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
                <attribute attribute_type="NASA OBS" attribute_value="Admin"/>
        </user>
        
        <!-- test-datanode.jpl.nasa.gov users -->
        <user openid="https://test-datanode.jpl.nasa.gov/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
                <attribute attribute_type="CMIP5" attribute_value="User"/>
                <attribute attribute_type="NASA OBS" attribute_value="User"/>
                <attribute attribute_type="Test Attribute" attribute_value="User"/>
        </user>
        <user openid="https://test-datanode.jpl.nasa.gov/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
                <attribute attribute_type="NASA OBS" attribute_value="Admin"/>
        </user>

        <!-- localhost users: the example SAML request and response on this page use the testUser entry below -->
        <user openid="https://localhost:8443/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
                <attribute attribute_type="CMIP5" attribute_value="User"/>
                <attribute attribute_type="NASA OBS" attribute_value="User"/>
                <attribute attribute_type="Test Attribute" attribute_value="User"/>
                <grouprole attribute_type="urn:esg:group:role" group="CMIP5 Research" role="default"/>
                <grouprole attribute_type="urn:esg:group:role" group="CMIP5 Commercial" role="default"/>
        </user>
        <!-- rootAdmin holds both the default and the admin role for the CMIP5 Research group -->
        <user openid="https://localhost:8443/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
                <attribute attribute_type="Test Attribute" attribute_value="Admin"/>
                <grouprole attribute_type="urn:esg:group:role" group="CMIP5 Research" role="default"/>
                <grouprole attribute_type="urn:esg:group:role" group="CMIP5 Research" role="admin"/>
        </user>

        <!-- esg-test1.llnl.gov users -->
        <user openid="https://esg-test1.llnl.gov/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
                <attribute attribute_type="CMIP5" attribute_value="User"/>
                <attribute attribute_type="NASA OBS" attribute_value="User"/>
                <attribute attribute_type="Test Attribute" attribute_value="User"/>
        </user>
        <user openid="https://esg-test1.llnl.gov/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
                <attribute attribute_type="CMIP5" attribute_value="Admin"/>
        </user>
        
        <!-- esg-jpl users (the first openid below is also the DN listed in the example white list) -->
        <user openid="https://esg-gateway.jpl.nasa.gov/myopenid/rootAdmin" first_name="test" last_name="user" email="test@user">
                <attribute attribute_type="CMIP5" attribute_value="User"/>
                <attribute attribute_type="NASA OBS" attribute_value="User"/>
                <attribute attribute_type="Test Attribute" attribute_value="User"/>
        </user>
        <user openid="https://esg-gateway.jpl.nasa.gov/myopenid/cinquiniluca" first_name="Luca" last_name="Cinquini" email="test@user">
                <attribute attribute_type="CMIP5" attribute_value="User"/>
                <attribute attribute_type="NASA OBS" attribute_value="User"/>
                <attribute attribute_type="Test Attribute" attribute_value="User"/>
        </user>      
</users>

SAMLAttributeFactory

/*
* Copyright (c) 2011 Earth System Grid Federation
*/
package esg.security.attr.service.api;

import esg.security.common.SAMLUnknownPrincipalException;

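/**
 * Factory to generate a {@link SAMLAttributes} object for a given system user.
 * Concrete implementations of this interface represent the link to a specific users domain model
 * (in the demo configuration on this page, a local XML users file).
 */
public interface SAMLAttributeFactory {

        /**
         * Factory method to look up a user by identifier and extract the attributes into a {@link SAMLAttributes} object.
         * @param identifier system specific identifier of the user; in the demo this is the user's OpenID URL,
         *                   i.e. the value carried in the SAML NameID of the AttributeQuery.
         * @return object populated with the user's attributes.
         * @throws SAMLUnknownPrincipalException if the identifier does not map to a known principal.
         */
        SAMLAttributes newInstance(final String identifier) throws SAMLUnknownPrincipalException;

        /**
         * Method to return the authority that is issuing the attributes.
         * @return the issuer name; in the demo configuration this is the "ESGF Attribute Service" string
         *         that appears as the SAML Issuer of the example response.
         */
        String getIssuer();

}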
