[Draft] XDS Changes for SAML for CP/DP Seperation

components/org.wso2.carbon.identity.sso.saml/pom.xml

@@ -320,6 +320,19 @@
             <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.xds.client.mgt</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.xds.common</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -429,7 +442,8 @@
                             org.wso2.carbon.identity.event; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.event.event; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.event.handler; version="${carbon.identity.package.import.version.range}",
-
+                            org.wso2.carbon.identity.xds.client.mgt.*; version="${carbon.identity.framework.imp.pkg.version.range}",
+                            org.wso2.carbon.identity.xds.common.*; version="${carbon.identity.framework.imp.pkg.version.range}",
                         </Import-Package>
                         <Export-Package>
                             !org.wso2.carbon.identity.sso.saml.internal,

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConfigServiceImpl.java

@@ -15,6 +15,7 @@
  */
 package org.wso2.carbon.identity.sso.saml;
 
+import com.google.gson.Gson;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.io.input.BoundedInputStream;
 import org.apache.commons.lang.StringUtils;
@@ -35,7 +36,11 @@
 import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderInfoDTO;
 import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2ClientException;
 import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
+import org.wso2.carbon.identity.sso.saml.model.SAMLXDSWrapper;
 import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
+import org.wso2.carbon.identity.xds.common.constant.XDSConstants;
+import org.wso2.carbon.identity.xds.common.constant.XDSOperationType;
+import org.wso2.carbon.identity.xds.common.constant.XDSWrapper;
 import org.wso2.carbon.registry.core.Registry;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
 import org.wso2.carbon.security.SecurityConfigException;
@@ -81,6 +86,14 @@ public class SAMLSSOConfigServiceImpl {
     public boolean addRPServiceProvider(SAMLSSOServiceProviderDTO spDto) throws IdentityException {
 
         try {
+            if (isControlPlane()) {
+                SAMLXDSWrapper applicationXDSWrapper = new SAMLXDSWrapper.SAMLXDSWrapperBuilder()
+                        .setSsoServiceProviderDTO(spDto)
+                        .build();
+                publishData(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(),
+                        applicationXDSWrapper, XDSConstants.EventType.SAML,
+                        SAMLXDSOperationType.ADD_RP_SERVICE_PROVIDER);
+            }
             SAMLSSOConfigAdmin configAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
             return configAdmin.addRelyingPartyServiceProvider(spDto);
         } catch (IdentityException ex) {
@@ -120,6 +133,16 @@ public SAMLSSOServiceProviderDTO createServiceProvider(SAMLSSOServiceProviderDTO
                 throw buildClientException(INVALID_REQUEST,
                         "Invalid Key Encryption Algorithm: " + spDto.getKeyEncryptionAlgorithmURI());
             }
+
+            if (isControlPlane()) {
+                SAMLXDSWrapper applicationXDSWrapper = new SAMLXDSWrapper.SAMLXDSWrapperBuilder()
+                        .setSsoServiceProviderDTO(spDto)
+                        .build();
+                publishData(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(),
+                        applicationXDSWrapper, XDSConstants.EventType.SAML,
+                        SAMLXDSOperationType.CREATE_SERVICE_PROVIDER);
+            }
+
             return configAdmin.addSAMLServiceProvider(spDto);
         } catch (IdentityException ex) {
             throw handleException("Error while creating SAML SP in tenantDomain: " + getTenantDomain(), ex);
@@ -139,6 +162,14 @@ public SAMLSSOServiceProviderDTO uploadRPServiceProvider(String metadata) throws
             if (log.isDebugEnabled()) {
                 log.debug("Creating SAML Service Provider with metadata: " + metadata);
             }
+            if (isControlPlane()) {
+                SAMLXDSWrapper applicationXDSWrapper = new SAMLXDSWrapper.SAMLXDSWrapperBuilder()
+                        .setMetadata(metadata)
+                        .build();
+                publishData(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(),
+                        applicationXDSWrapper, XDSConstants.EventType.SAML,
+                        SAMLXDSOperationType.UPLOAD_RP_SERVICE_PROVIDER);
+            }
             return configAdmin.uploadRelyingPartyServiceProvider(metadata);
         } catch (IdentityException e) {
             String tenantDomain = getTenantDomain();
@@ -165,6 +196,14 @@ public SAMLSSOServiceProviderDTO createServiceProviderWithMetadataURL(String met
             in = new BoundedInputStream(con.getInputStream(), getMaxSizeInBytes());
 
             String metadata = IOUtils.toString(in);
+            if (isControlPlane()) {
+                SAMLXDSWrapper applicationXDSWrapper = new SAMLXDSWrapper.SAMLXDSWrapperBuilder()
+                        .setMetadata(metadata)
+                        .build();
+                publishData(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(),
+                        applicationXDSWrapper, XDSConstants.EventType.SAML,
+                        SAMLXDSOperationType.CREATE_SERVICE_PROVIDER_WITH_METADATA_URL);
+            }
             return uploadRPServiceProvider(metadata);
         } catch (IOException e) {
             String tenantDomain = getTenantDomain();
@@ -371,6 +410,14 @@ public boolean removeServiceProvider(String issuer) throws IdentityException {
 
         try {
             SAMLSSOConfigAdmin ssoConfigAdmin = new SAMLSSOConfigAdmin(getConfigSystemRegistry());
+            if (isControlPlane()) {
+                SAMLXDSWrapper applicationXDSWrapper = new SAMLXDSWrapper.SAMLXDSWrapperBuilder()
+                        .setIssuer(issuer)
+                        .build();
+                publishData(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(),
+                        applicationXDSWrapper, XDSConstants.EventType.SAML,
+                        SAMLXDSOperationType.REMOVE_SERVICE_PROVIDER);
+            }
             return ssoConfigAdmin.removeServiceProvider(issuer);
         } catch (IdentityException ex) {
             String msg = "Error removing SAML SP with issuer: " + issuer + " in tenantDomain: " + getTenantDomain();
@@ -504,6 +551,25 @@ private IdentitySAML2ClientException buildClientException(Error error, String me
 
         return new IdentitySAML2ClientException(error.getErrorCode(), message);
     }
+
+    private String buildJson(SAMLXDSWrapper samlxdsWrapper) {
+
+        Gson gson = new Gson();
+        return gson.toJson(samlxdsWrapper);
+    }
+
+    private boolean isControlPlane() {
+
+        return Boolean.parseBoolean(IdentityUtil.getProperty("Server.ControlPlane"));
+    }
+
+    private void publishData(String tenantDomain, XDSWrapper xdsWrapper, XDSConstants.EventType eventType,
+                             XDSOperationType operationType) {
+
+        String json = buildJson((SAMLXDSWrapper) xdsWrapper);
+        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
+        SAMLSSOUtil.getXDSClientService().publishData(tenantDomain, username, json, eventType, operationType);
+    }
 }
 
 

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLXDSOperationType.java

@@ -0,0 +1,12 @@
+package org.wso2.carbon.identity.sso.saml;
+
+import org.wso2.carbon.identity.xds.common.constant.XDSOperationType;
+
+public enum SAMLXDSOperationType implements XDSOperationType {
+
+    ADD_RP_SERVICE_PROVIDER,
+    CREATE_SERVICE_PROVIDER,
+    UPLOAD_RP_SERVICE_PROVIDER,
+    CREATE_SERVICE_PROVIDER_WITH_METADATA_URL,
+    REMOVE_SERVICE_PROVIDER
+}

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/internal/IdentitySAMLSSOServiceComponent.java

@@ -48,6 +48,7 @@
 import org.wso2.carbon.identity.sso.saml.servlet.SAMLArtifactResolveServlet;
 import org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet;
 import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
+import org.wso2.carbon.identity.xds.client.mgt.XDSClientService;
 import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.utils.CarbonUtils;
@@ -458,4 +459,26 @@ protected void unsetApplicationManagementService(ApplicationManagementService ap
             log.debug("Unset the ApplicationManagementService");
         }
     }
+
+    @Reference(
+            name = "xds.client.service",
+            service = org.wso2.carbon.identity.xds.client.mgt.XDSClientService.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetXDSClientService")
+    protected void setXDSClientService(XDSClientService xdsClientService) {
+
+        if (log.isDebugEnabled()) {
+            log.debug("XDS Client Service is set in the SAML SSO bundle");
+        }
+        SAMLSSOUtil.setXDSClientService(xdsClientService);
+    }
+
+    protected void unsetXDSClientService(XDSClientService xdsClientService) {
+
+        if (log.isDebugEnabled()) {
+            log.debug("XDS Client Service is set in the SAML SSO bundle");
+        }
+        SAMLSSOUtil.setXDSClientService(null);
+    }
 }

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/model/SAMLXDSWrapper.java

@@ -0,0 +1,73 @@
+package org.wso2.carbon.identity.sso.saml.model;
+
+import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
+import org.wso2.carbon.identity.xds.common.constant.XDSWrapper;
+
+public class SAMLXDSWrapper implements XDSWrapper {
+    private String metadata;
+    private String metadataUrl;
+    private SAMLSSOServiceProviderDTO ssoServiceProviderDTO;
+    private String issuer;
+    private String timestamp;
+
+    public SAMLXDSWrapper(SAMLXDSWrapperBuilder builder) {
+        this.metadata = builder.metadata;
+        this.metadataUrl = builder.metadataUrl;
+        this.ssoServiceProviderDTO = builder.ssoServiceProviderDTO;
+        this.issuer = builder.issuer;
+        this.timestamp = builder.timestamp;
+    }
+
+    public String getMetadata() {
+        return this.metadata;
+    }
+
+    public String getMetadataUrl() {
+        return this.metadataUrl;
+    }
+
+    public SAMLSSOServiceProviderDTO getSsoServiceProviderDTO() {
+        return this.ssoServiceProviderDTO;
+    }
+
+    public String getIssuer() {
+        return this.issuer;
+    }
+
+    public static class SAMLXDSWrapperBuilder {
+        private String metadata;
+        private String metadataUrl;
+        private SAMLSSOServiceProviderDTO ssoServiceProviderDTO;
+        private String issuer;
+        private String timestamp;
+
+        public SAMLXDSWrapperBuilder() {
+        }
+
+        public SAMLXDSWrapperBuilder setMetadata(String metadata) {
+            this.metadata = metadata;
+            return this;
+        }
+
+        public SAMLXDSWrapperBuilder setMetadataUrl(String metadataUrl) {
+            this.metadataUrl = metadataUrl;
+            return this;
+        }
+
+        public SAMLXDSWrapperBuilder setSsoServiceProviderDTO(SAMLSSOServiceProviderDTO ssoServiceProviderDTO) {
+            this.ssoServiceProviderDTO = ssoServiceProviderDTO;
+            return this;
+        }
+
+        public SAMLXDSWrapperBuilder setIssuer(String issuer) {
+            this.issuer = issuer;
+            return this;
+        }
+
+        public SAMLXDSWrapper build() {
+
+            this.timestamp = String.valueOf(System.currentTimeMillis());
+            return new SAMLXDSWrapper(this);
+        }
+    }
+}

components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/util/SAMLSSOUtil.java

@@ -107,6 +107,7 @@
 import org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectSignatureValidator;
 import org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator;
 import org.wso2.carbon.identity.sso.saml.validators.SSOAuthnRequestValidator;
+import org.wso2.carbon.identity.xds.client.mgt.XDSClientService;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManager;
 import org.wso2.carbon.registry.core.Registry;
@@ -202,6 +203,7 @@ public class SAMLSSOUtil {
     private static ApplicationManagementService applicationMgtService;
     private static SAMLSSOConfigServiceImpl samlssoConfigService;
     private static volatile List<SAMLExtensionProcessor> extensionProcessors;
+    private static XDSClientService xdsClientService;
 
     private SAMLSSOUtil() {
     }
@@ -2690,4 +2692,12 @@ private static SAMLSSOServiceProviderDO getSAMLServiceProviderFromRegistry(Strin
             PrivilegedCarbonContext.endTenantFlow();
         }
     }
+
+    public static XDSClientService getXDSClientService() {
+        return xdsClientService;
+    }
+
+    public static void setXDSClientService(XDSClientService xdsClientService) {
+        SAMLSSOUtil.xdsClientService = xdsClientService;
+    }
 }

pom.xml

@@ -366,6 +366,21 @@
                 <scope>test</scope>
                 <version>${carbon.identity.organization.management.core.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity.framework</groupId>
+                <artifactId>org.wso2.carbon.identity.xds.client.mgt</artifactId>
+                <version>${carbon.identity.framework.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.identity.framework</groupId>
+                <artifactId>org.wso2.carbon.identity.xds.common</artifactId>
+                <version>${carbon.identity.framework.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.code.gson</groupId>
+                <artifactId>gson</artifactId>
+                <version>${com.google.code.gson.version}</version>
+            </dependency>
         </dependencies>
 
     </dependencyManagement>
@@ -452,7 +467,7 @@
     <properties>
         <carbon.kernel.version>4.9.0</carbon.kernel.version>
         <carbon.kernel.feature.version>4.9.0</carbon.kernel.feature.version>
-        <carbon.identity.framework.version>5.25.157</carbon.identity.framework.version>
+        <carbon.identity.framework.version>5.25.163</carbon.identity.framework.version>
         <carbon.identity.framework.imp.pkg.version.range>[5.15.0, 7.0.0)
         </carbon.identity.framework.imp.pkg.version.range>
         <carbon.identity.organization.management.core.version>1.0.0</carbon.identity.organization.management.core.version>
@@ -525,6 +540,8 @@
 
         <!-- Pax Logging Version -->
         <pax.logging.api.version>1.10.1</pax.logging.api.version>
+
+        <com.google.code.gson.version>2.9.0</com.google.code.gson.version>
     </properties>
 
 </project>