From a12f7ec3237b556785ee4b82938d834c0865fc1f Mon Sep 17 00:00:00 2001 From: Longze Chen Date: Tue, 31 Mar 2026 11:46:36 -0400 Subject: [PATCH 1/4] Add shortcut SSO mode that show hidden availability institutions --- .../support/OsfInstitutionUtils.java | 21 ++++++++++++------- .../support/SsoAvailability.java | 4 ++++ .../OsfInstitutionLoginPreparationAction.java | 4 +++- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java index ada97c89..3838273f 100644 --- a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java +++ b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java @@ -26,7 +26,7 @@ public final class OsfInstitutionUtils { public static boolean validateInstitutionForLogin(final JpaOsfDao jpaOsfDao, final String id) { final OsfInstitution institution = jpaOsfDao.findOneInstitutionById(id); - return institution != null && institution.getDelegationProtocol() != null; + return institution != null && institution.getDelegationProtocol() != null && institution.getSsoAvailability() != SsoAvailability.UNAVAILABLE; } public static String getInstitutionSupportEmail(final JpaOsfDao jpaOsfDao, final String id) { @@ -37,13 +37,14 @@ public static String getInstitutionSupportEmail(final JpaOsfDao jpaOsfDao, final public static Map getInstitutionLoginUrlMap( final JpaOsfDao jpaOsfDao, final String target, - final String id + final String institutionId, + boolean isShortcutSso ) { List institutionList = new LinkedList<>(); - if (id == null || id.isEmpty()) { + if (institutionId == null || institutionId.isEmpty()) { institutionList = jpaOsfDao.findAllInstitutions(); } else { - final OsfInstitution institution = jpaOsfDao.findOneInstitutionById(id); + final OsfInstitution institution = jpaOsfDao.findOneInstitutionById(institutionId); if (institution != null) { institutionList.add(institution); } else { @@ -57,15 +58,21 @@ public static Map getInstitutionLoginUrlMap( // Catch a rare exception case where OSF DB has changed the choices of the field // `sso_availability` in table `osf_institution` without syncing with CAS. LOGGER.error( - "Skipped due to invalid SSO Availability: [institutionId={}]", + "Skip invalid SSO availability: [institutionId={}]", institution.getInstitutionId() ); continue; } - if (!ssoAvailability.isPublic()) { + if (isShortcutSso && ssoAvailability.isHidden()) { + LOGGER.debug( + "Show hidden SSO availability with shortcut URL: [institutionId={}, ssoAvailability={}]", + institution.getInstitutionId(), + ssoAvailability.getId() + ); + } else if (!ssoAvailability.isPublic()) { // Hide institutions of which SSO Availability is not Public LOGGER.debug( - "Skipped because SSO Availability is not public: [institutionId={}, ssoAvailability={}]", + "Skip non-public SSO availability: [institutionId={}, ssoAvailability={}]", institution.getInstitutionId(), ssoAvailability.getId() ); diff --git a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java index 47abe71c..9e900b63 100644 --- a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java +++ b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java @@ -48,6 +48,10 @@ public boolean isPublic () { return SsoAvailability.PUBLIC.equals(this); } + public boolean isHidden () { + return SsoAvailability.HIDDEN.equals(this); + } + public final String getId() { return id; } diff --git a/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java b/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java index 142b1785..b0394a27 100644 --- a/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java +++ b/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java @@ -71,6 +71,7 @@ protected Event doExecute(RequestContext context) { } String institutionId = null; + boolean isShortcutSsoMode = false; OsfCasLoginContext loginContext; loginContext = Optional.of(context).map(requestContext -> (OsfCasLoginContext) requestContext.getFlowScope().get(PARAMETER_LOGIN_CONTEXT)).orElse(null); @@ -81,6 +82,7 @@ protected Event doExecute(RequestContext context) { context.getFlowScope().put(PARAMETER_LOGIN_CONTEXT, loginContext); institutionId = null; } else { + isShortcutSsoMode = true; final String institutionSupportEmail = OsfInstitutionUtils.getInstitutionSupportEmail(jpaOsfDao, institutionId); if (institutionSupportEmail != null) { loginContext.setInstitutionSupportEmail(institutionSupportEmail); @@ -89,7 +91,7 @@ protected Event doExecute(RequestContext context) { } final Map institutionLoginUrlMap - = OsfInstitutionUtils.getInstitutionLoginUrlMap(jpaOsfDao, target, institutionId); + = OsfInstitutionUtils.getInstitutionLoginUrlMap(jpaOsfDao, target, institutionId, isShortcutSsoMode); final Map institutionLoginUrlMapSorted; if (institutionId != null) { institutionLoginUrlMapSorted = institutionLoginUrlMap; From 450cb722ab2aa32755b84eb2c63fc81dde552d6e Mon Sep 17 00:00:00 2001 From: Longze Chen Date: Tue, 31 Mar 2026 12:06:41 -0400 Subject: [PATCH 2/4] Simplify shortcut SSO mode check --- .../cas/osf/authentication/support/OsfInstitutionUtils.java | 5 +++-- .../web/flow/login/OsfInstitutionLoginPreparationAction.java | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java index 3838273f..f7185f95 100644 --- a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java +++ b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java @@ -37,16 +37,17 @@ public static String getInstitutionSupportEmail(final JpaOsfDao jpaOsfDao, final public static Map getInstitutionLoginUrlMap( final JpaOsfDao jpaOsfDao, final String target, - final String institutionId, - boolean isShortcutSso + final String institutionId ) { List institutionList = new LinkedList<>(); + boolean isShortcutSso = false; if (institutionId == null || institutionId.isEmpty()) { institutionList = jpaOsfDao.findAllInstitutions(); } else { final OsfInstitution institution = jpaOsfDao.findOneInstitutionById(institutionId); if (institution != null) { institutionList.add(institution); + isShortcutSso = true; } else { institutionList = jpaOsfDao.findAllInstitutions(); } diff --git a/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java b/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java index b0394a27..142b1785 100644 --- a/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java +++ b/src/main/java/io/cos/cas/osf/web/flow/login/OsfInstitutionLoginPreparationAction.java @@ -71,7 +71,6 @@ protected Event doExecute(RequestContext context) { } String institutionId = null; - boolean isShortcutSsoMode = false; OsfCasLoginContext loginContext; loginContext = Optional.of(context).map(requestContext -> (OsfCasLoginContext) requestContext.getFlowScope().get(PARAMETER_LOGIN_CONTEXT)).orElse(null); @@ -82,7 +81,6 @@ protected Event doExecute(RequestContext context) { context.getFlowScope().put(PARAMETER_LOGIN_CONTEXT, loginContext); institutionId = null; } else { - isShortcutSsoMode = true; final String institutionSupportEmail = OsfInstitutionUtils.getInstitutionSupportEmail(jpaOsfDao, institutionId); if (institutionSupportEmail != null) { loginContext.setInstitutionSupportEmail(institutionSupportEmail); @@ -91,7 +89,7 @@ protected Event doExecute(RequestContext context) { } final Map institutionLoginUrlMap - = OsfInstitutionUtils.getInstitutionLoginUrlMap(jpaOsfDao, target, institutionId, isShortcutSsoMode); + = OsfInstitutionUtils.getInstitutionLoginUrlMap(jpaOsfDao, target, institutionId); final Map institutionLoginUrlMapSorted; if (institutionId != null) { institutionLoginUrlMapSorted = institutionLoginUrlMap; From 96cdd939f3113b5014aa8e3d849ad1105d82a292 Mon Sep 17 00:00:00 2001 From: Longze Chen Date: Tue, 31 Mar 2026 12:19:38 -0400 Subject: [PATCH 3/4] Update comments and JavaDoc --- .../osf/authentication/support/OsfInstitutionUtils.java | 8 ++++++-- .../cas/osf/authentication/support/SsoAvailability.java | 6 ++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java index f7185f95..dbe9365d 100644 --- a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java +++ b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java @@ -26,7 +26,9 @@ public final class OsfInstitutionUtils { public static boolean validateInstitutionForLogin(final JpaOsfDao jpaOsfDao, final String id) { final OsfInstitution institution = jpaOsfDao.findOneInstitutionById(id); - return institution != null && institution.getDelegationProtocol() != null && institution.getSsoAvailability() != SsoAvailability.UNAVAILABLE; + return institution != null + && institution.getDelegationProtocol() != null + && institution.getSsoAvailability() != SsoAvailability.UNAVAILABLE; } public static String getInstitutionSupportEmail(final JpaOsfDao jpaOsfDao, final String id) { @@ -46,6 +48,7 @@ public static Map getInstitutionLoginUrlMap( } else { final OsfInstitution institution = jpaOsfDao.findOneInstitutionById(institutionId); if (institution != null) { + // Must be a valid institution to trigger the shortcut SSO mode institutionList.add(institution); isShortcutSso = true; } else { @@ -65,13 +68,14 @@ public static Map getInstitutionLoginUrlMap( continue; } if (isShortcutSso && ssoAvailability.isHidden()) { + // Show institutions of hidden SSO Availability in shortcut mode LOGGER.debug( "Show hidden SSO availability with shortcut URL: [institutionId={}, ssoAvailability={}]", institution.getInstitutionId(), ssoAvailability.getId() ); } else if (!ssoAvailability.isPublic()) { - // Hide institutions of which SSO Availability is not Public + // Hide institutions of non-public SSO Availability LOGGER.debug( "Skip non-public SSO availability: [institutionId={}, ssoAvailability={}]", institution.getInstitutionId(), diff --git a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java index 9e900b63..fbcfd982 100644 --- a/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java +++ b/src/main/java/io/cos/cas/osf/authentication/support/SsoAvailability.java @@ -48,10 +48,16 @@ public boolean isPublic () { return SsoAvailability.PUBLIC.equals(this); } + /** + * @return whether the enum type is {@link SsoAvailability#HIDDEN}. + */ public boolean isHidden () { return SsoAvailability.HIDDEN.equals(this); } + /** + * @return the enum type string + */ public final String getId() { return id; } From ec76edaad20201f0636d2f1ddd4c0c00f40dbedb Mon Sep 17 00:00:00 2001 From: Longze Chen Date: Tue, 31 Mar 2026 12:33:53 -0400 Subject: [PATCH 4/4] Improve logging --- .../cas/osf/authentication/support/OsfInstitutionUtils.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java index dbe9365d..c749f363 100644 --- a/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java +++ b/src/main/java/io/cos/cas/osf/authentication/support/OsfInstitutionUtils.java @@ -62,7 +62,7 @@ public static Map getInstitutionLoginUrlMap( // Catch a rare exception case where OSF DB has changed the choices of the field // `sso_availability` in table `osf_institution` without syncing with CAS. LOGGER.error( - "Skip invalid SSO availability: [institutionId={}]", + "Skip instn with invalid SSO avail: [instnId={}]", institution.getInstitutionId() ); continue; @@ -70,14 +70,14 @@ public static Map getInstitutionLoginUrlMap( if (isShortcutSso && ssoAvailability.isHidden()) { // Show institutions of hidden SSO Availability in shortcut mode LOGGER.debug( - "Show hidden SSO availability with shortcut URL: [institutionId={}, ssoAvailability={}]", + "Show instn with hidden SSO avail in shortcut mode: [instnId={}, avail={}]", institution.getInstitutionId(), ssoAvailability.getId() ); } else if (!ssoAvailability.isPublic()) { // Hide institutions of non-public SSO Availability LOGGER.debug( - "Skip non-public SSO availability: [institutionId={}, ssoAvailability={}]", + "Skip instn with non-public SSO avail: [instnId={}, avail={}]", institution.getInstitutionId(), ssoAvailability.getId() );