in saml-authentication-server/src/main/java/jetbrains/buildServer/auth/saml/plugin/SamlAuthenticationScheme.java [114:196]
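/**
 * Handles an incoming SAML authentication request (the IdP's response posted back to this server).
 *
 * <p>Flow: a request without a {@code SAMLResponse} parameter is reported as not applicable.
 * Otherwise the response is validated through OneLogin {@link Auth}; the asserted NameID is
 * matched to an existing account (by username, then by the {@code ID_USER_PROPERTY_KEY}
 * property); a missing account may be auto-created when settings allow it (subject to the
 * postfix allow-list); SAML groups are optionally applied; finally the request is marked
 * authenticated. Any failure results in an unauthorized outcome rather than an exception.
 *
 * @param request    servlet request carrying the SAML response and the optional {@code RelayState}
 * @param response   servlet response, handed to {@link Auth} and to the unauthorized-response helper
 * @param properties scheme properties supplied by the server; not used by this implementation
 * @return not-applicable, unauthorized (with a reason), or authenticated
 * @throws IOException if producing the unauthorized response fails
 */
public HttpAuthenticationResult processAuthenticationRequest(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull Map<String, String> properties) throws IOException {
    LOG.debug(String.format("SAML: incoming authentication request %s %s", request.getMethod(), request.getRequestURL()));
    var saml = request.getParameter(SamlPluginConstants.SAML_RESPONSE_REQUEST_PARAMETER);
    // RelayState is client-supplied input and is passed through to authenticated() unchanged.
    // NOTE(review): confirm authenticated() validates it before using it as a redirect target.
    var relayState = request.getParameter("RelayState");
    if (StringUtil.isEmpty(saml)) {
        LOG.debug(String.format("%s parameter not found - returning N/A", SamlPluginConstants.SAML_RESPONSE_REQUEST_PARAMETER));
        return HttpAuthenticationResult.notApplicable();
    }
    try {
        var settings = this.settingsStorage.load();
        var saml2Settings = buildSettings();
        var auth = new Auth(saml2Settings, request, response);
        // Parses and validates the SAMLResponse against the SP settings; the outcome is
        // read back through isAuthenticated()/getErrors().
        auth.processResponse();
        if (!auth.isAuthenticated()) {
            return sendUnauthorizedRequest(request, response, "SAML request is not authenticated due to errors: " + String.join(", ", auth.getErrors()));
        }
        String username = auth.getNameId();
        SUser user = null;
        // Same null-or-empty helper as for the SAMLResponse check above, to keep one string utility.
        if (StringUtil.isEmpty(username)) {
            LOG.error("Username is empty - authentication stops");
        } else {
            // Existing accounts are matched by username first, then by the SAML id property.
            // The postfix allow-list below applies only to accounts created here.
            user = userModel.findUserAccount(null, username);
            if (user == null) {
                user = userModel.findUserByUsername(username, SamlPluginConstants.ID_USER_PROPERTY_KEY);
            }
            if (user == null && settings.isCreateUsersAutomatically()) {
                try {
                    if (!settings.isLimitToPostfixes() || matchPostfixes(username, settings.getAllowedPostfixes())) {
                        LOG.info(String.format("Creating new user %s from SAML request", username));
                        user = userModel.createUserAccount(null, username);
                        if (user == null) {
                            LOG.warn(String.format("New user %s was not created due to unknown reason", username));
                        } else {
                            String email = getAttribute(auth, settings.getEmailAttributeMapping());
                            String fullname = getAttribute(auth, settings.getNameAttributeMapping());
                            String vcsUsername = getAttribute(auth, settings.getVcsUsernameAttributeMapping());
                            LOG.info(String.format("Setting data for new user: username=%s, full name=%s, email=%s", username, fullname, email));
                            user.updateUserAccount(username, fullname, email);
                            if (StringUtil.isNotEmpty(vcsUsername)) {
                                // Guarded cast: the concrete user type is not guaranteed by the user model
                                // contract, so an unexpected implementation is logged instead of thrown.
                                if (user instanceof UserEx) {
                                    ((UserEx) user).setDefaultVcsUsernames(Collections.singletonList(vcsUsername));
                                } else {
                                    LOG.warn(String.format("Cannot set default VCS username for new user %s: unsupported user type %s", username, user.getClass().getName()));
                                }
                            }
                        }
                    }
                } catch (Exception e) {
                    // Best effort: a failure here leaves 'user' as it was when the exception occurred
                    // (possibly already created); the null check below decides the outcome.
                    LOG.error(String.format("Failed to create new user with username %s: %s", username, e.getMessage()), e);
                }
            }
        }
        if (user == null) {
            return sendUnauthorizedRequest(request, response, String.format("SAML request NOT authenticated for user id %s: user with such username or %s property value not found", username, SamlPluginConstants.ID_USER_PROPERTY_KEY));
        }
        if (settings.isAssignGroups()) {
            String samlGroups = getAttribute(auth, settings.getGroupsAttributeMapping());
            LOG.debug(String.format("SAML Groups = '%s'", samlGroups));
            // Process the SAML groups assigned to this user
            processGroups(user, samlGroups, settings.isRemoveUnassignedGroups());
        }
        LOG.info(String.format("SAML request authenticated for user %s/%s", user.getUsername(), user.getName()));
        return authenticated(request, settings, user, relayState);
    } catch (Exception e) {
        // Log with context and the throwable so the stack trace is always attached.
        // NOTE(review): e.getMessage() is forwarded to sendUnauthorizedRequest; if that helper
        // writes it to the response body, prefer a generic message and keep details in the log.
        LOG.error("SAML: failed to authenticate request", e);
        return sendUnauthorizedRequest(request, response, String.format("Failed to authenticate request: %s", e.getMessage()));
    }
}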