SYNCOPE-1835: Support Credential Criteria for LDAP authentication (#885)

apache · Nov 1, 2024 · 9988142 · 9988142
1 parent 82e1252
commit 9988142
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
@@ -157,6 +157,17 @@ public enum DerefAliasesType {
      */
     private boolean collectDnAttribute;
 
+    /**
+     * A number of authentication handlers are allowed to determine whether they can operate on the provided credential
+     * and as such lend themselves to be tried and tested during the authentication handler selection phase.
+     * The credential criteria may be one of the following options:<ul>
+     * <li>1) A regular expression pattern that is tested against the credential identifier.</li>
+     * <li>2) A fully qualified class name of your own design that implements {@code Predicate}.</li>
+     * <li>3) Path to an external Groovy script that implements the same interface.</li>
+     * </ul>
+     */
+    private String credentialCriteria;
+
     public AuthenticationType getAuthenticationType() {
         return authenticationType;
     }
@@ -243,6 +254,14 @@ public void setCollectDnAttribute(final boolean collectDnAttribute) {
         this.collectDnAttribute = collectDnAttribute;
     }
 
+    public String getCredentialCriteria() {
+        return credentialCriteria;
+    }
+
+    public void setCredentialCriteria(final String credentialCriteria) {
+        this.credentialCriteria = credentialCriteria;
+    }
+
     @Override
     public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) {
         return mapper.map(authModule, this);

diff --git a/...src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java b/...src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
@@ -122,8 +122,8 @@ public Map<String, Object> map(final AuthModuleTO authModuleTO, final LDAPAuthMo
         props.setAllowMultiplePrincipalAttributeValues(conf.isAllowMultiplePrincipalAttributeValues());
         props.setAdditionalAttributes(conf.getAdditionalAttributes());
         props.setAllowMissingPrincipalAttributeValue(conf.isAllowMissingPrincipalAttributeValue());
-        props.setCollectDnAttribute(props.isCollectDnAttribute());
-
+        props.setCollectDnAttribute(conf.isCollectDnAttribute());
+        props.setCredentialCriteria(conf.getCredentialCriteria());
         props.getPasswordPolicy().setType(AbstractLdapProperties.LdapType.valueOf(conf.getLdapType().name()));
 
         fill(props, conf);