feat: 🎸 AARC_IDP_HINTING implemented

Author: Dominik Frantisek Bucik

perun-oidc-server-webapp/src/main/webapp/WEB-INF/user-context.xml

@@ -583,10 +583,27 @@
 			<list>
 				<bean id="httpPostBinding" class="org.springframework.security.saml.processor.HTTPPostBinding">
 					<constructor-arg name="parserPool" ref="parserPool"/>
-					<constructor-arg name="velocityEngine" value="#{T(org.springframework.security.saml.util.VelocityFactory).getEngine()}"/>
+					<constructor-arg name="encoder">
+						<bean class="cz.muni.ics.oidc.saml.PerunPostEncoder">
+							<constructor-arg name="engine" value="#{T(org.springframework.security.saml.util.VelocityFactory).getEngine()}"/>
+							<constructor-arg name="templateId" value="/templates/saml2-post-binding.vm"/>
+						</bean>
+					</constructor-arg>
+					<constructor-arg name="decoder">
+						<bean class="org.opensaml.saml2.binding.decoding.HTTPPostDecoder">
+							<constructor-arg name="pool" ref="parserPool"/>
+						</bean>
+					</constructor-arg>
 				</bean>
 				<bean id="httpRedirectDeflateBinding" class="org.springframework.security.saml.processor.HTTPRedirectDeflateBinding">
-					<constructor-arg name="parserPool" ref="parserPool"/>
+					<constructor-arg name="encoder">
+						<bean class="cz.muni.ics.oidc.saml.PerunHTTPRedirectDeflateEncoder"/>
+					</constructor-arg>
+					<constructor-arg name="decoder">
+						<bean class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder">
+							<constructor-arg name="pool" ref="parserPool"/>
+						</bean>
+					</constructor-arg>
 				</bean>
 			</list>
 		</constructor-arg>

perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunHTTPRedirectDeflateEncoder.java

@@ -0,0 +1,29 @@
+package cz.muni.ics.oidc.saml;
+
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.util.URLBuilder;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.util.Pair;
+import org.springframework.util.StringUtils;
+
+import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.AARC_IDP_HINT;
+
+public class PerunHTTPRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
+
+    @Override
+    protected String buildRedirectURL(SAMLMessageContext messageContext, String endpointURL, String message)
+            throws MessageEncodingException
+    {
+        String url = super.buildRedirectURL(messageContext, endpointURL, message);
+        if (messageContext instanceof PerunSAMLMessageContext) {
+            PerunSAMLMessageContext mcxt = (PerunSAMLMessageContext) messageContext;
+            if (StringUtils.hasText(mcxt.getAarcIdpHint())) {
+                URLBuilder builder = new URLBuilder(url);
+                builder.getQueryParams().add(new Pair<>(AARC_IDP_HINT, mcxt.getAarcIdpHint()));
+                url = builder.buildURL();
+            }
+        }
+        return url;
+    }
+}

perun-oidc-server/src/main/java/cz/muni/ics/oidc/saml/PerunPostEncoder.java

@@ -0,0 +1,36 @@
+package cz.muni.ics.oidc.saml;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.ws.message.MessageContext;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.util.StringUtils;
+
+public class PerunPostEncoder extends HTTPPostEncoder {
+
+    private static final Logger log = LoggerFactory.getLogger(PerunPostEncoder.class);
+
+    public PerunPostEncoder(VelocityEngine engine, String templateId) {
+        super(engine, templateId);
+    }
+
+    @Override
+    protected void doEncode(MessageContext messageContext) throws MessageEncodingException {
+        super.doEncode(messageContext);
+    }
+
+    @Override
+    protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
+        super.populateVelocityContext(velocityContext, messageContext, endpointURL);
+        if (messageContext instanceof PerunSAMLMessageContext) {
+            PerunSAMLMessageContext mcxt = (PerunSAMLMessageContext) messageContext;
+            if (StringUtils.hasText(mcxt.getAarcIdpHint())) {
+                velocityContext.put("aarc_idp_hint", mcxt.getAarcIdpHint());
+            }
+        }
+    }
+}