clean up

api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/wsfed/WsFederationProperties.java

@@ -63,6 +63,14 @@ public static class SecurityTokenService implements Serializable {
 
         /**
          * When generating a SAML token, indicates the subject name-id format to use.
+         * Accepted values are:
+         * <ul>
+         *     <li>unspecified</li>
+         *     <li>email</li>
+         *     <li>transient</li>
+         *     <li>persistent</li>
+         *     <li>entity</li>
+         * </ul>
          */
         private String subjectNameIdFormat = "unspecified";
 

style/dependency-check-suppressions.xml

@@ -3,6 +3,9 @@
     <suppress>
         <cve>CVE-2019-10174</cve>
     </suppress>
+    <suppress>
+        <cve>CVE-2019-17563</cve>
+    </suppress>
     <suppress>
         <cve>CVE-2018-5382</cve>
     </suppress>

support/cas-server-support-ws-sts/src/main/java/org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration.java

@@ -267,7 +267,8 @@ public RealmProperties casRealm() {
 
     @RefreshScope
     @Bean
-    public Map<String, RealmProperties> realms() {
+    @ConditionalOnMissingBean(name = "securityTokenServiceRealms")
+    public Map<String, RealmProperties> securityTokenServiceRealms() {
         val idp = casProperties.getAuthn().getWsfedIdp().getIdp();
         val realms = new HashMap<String, RealmProperties>();
         realms.put(idp.getRealmName(), casRealm());
@@ -284,7 +285,7 @@ public SCTProvider transportSecureContextTokenProvider() {
     @Bean
     public JWTTokenProvider transportJwtTokenProvider() {
         val provider = new JWTTokenProvider();
-        provider.setRealmMap(realms());
+        provider.setRealmMap(securityTokenServiceRealms());
         provider.setSignToken(true);
         return provider;
     }
@@ -308,6 +309,9 @@ public SAMLTokenProvider transportSamlTokenProvider() {
             case "transient":
                 s.setSubjectNameIDFormat(NameID.TRANSIENT);
                 break;
+            case "persistent":
+                s.setSubjectNameIDFormat(NameID.PERSISTENT);
+                break;
             case "unspecified":
             default:
                 s.setSubjectNameIDFormat(NameID.UNSPECIFIED);
@@ -323,7 +327,7 @@ public SAMLTokenProvider transportSamlTokenProvider() {
 
         val provider = new SAMLTokenProvider();
         provider.setAttributeStatementProviders(CollectionUtils.wrap(new ClaimsAttributeStatementProvider()));
-        provider.setRealmMap(realms());
+        provider.setRealmMap(securityTokenServiceRealms());
         provider.setConditionsProvider(c);
         provider.setSubjectProvider(s);
         provider.setSignToken(wsfed.isSignTokens());
@@ -376,7 +380,7 @@ public STSPropertiesMBean transportSTSProperties() {
 
         val s = new StaticSTSProperties();
         s.setIssuer(getClass().getSimpleName());
-        s.setRealmParser(new UriRealmParser(realms()));
+        s.setRealmParser(new UriRealmParser(securityTokenServiceRealms()));
         s.setSignatureCryptoProperties(CryptoUtils.getSecurityProperties(wsfed.getSigningKeystoreFile(), wsfed.getSigningKeystorePassword()));
         s.setEncryptionCryptoProperties(CryptoUtils.getSecurityProperties(wsfed.getEncryptionKeystoreFile(), wsfed.getEncryptionKeystorePassword()));