GUACAMOLE-1364: Allow both traditional username/password and SSO.

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/.ratignore

@@ -0,0 +1 @@
+src/main/resources/html/*.html

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/pom.xml

@@ -50,6 +50,12 @@
             <artifactId>guice</artifactId>
         </dependency>
 
+        <!-- JAX-RS Annotations -->
+        <dependency>
+            <groupId>javax.ws.rs</groupId>
+            <artifactId>jsr311-api</artifactId>
+        </dependency>
+
     </dependencies>
 
 </project>

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/SSOAuthenticationProvider.java

@@ -64,14 +64,20 @@ public abstract class SSOAuthenticationProvider extends AbstractAuthenticationPr
      *     The SSOAuthenticationProviderService implementation that should be
      *     used for core authentication functions.
      *
+     * @param ssoResource
+     *     The SSOResource that should be used to manually redirect the user to
+     *     the IdP, as well as to provide any implementation-specific REST
+     *     endpoints.
+     *
      * @param modules
      *     Any additional modules that should be used when creating the Guice
      *     injector.
      */
     public SSOAuthenticationProvider(
             Class<? extends SSOAuthenticationProviderService> authService,
+            Class<? extends SSOResource> ssoResource,
             Module... modules) {
-        this(authService, Arrays.asList(modules));
+        this(authService, ssoResource, Arrays.asList(modules));
     }
 
     /**
@@ -86,12 +92,18 @@ public abstract class SSOAuthenticationProvider extends AbstractAuthenticationPr
      *     The SSOAuthenticationProviderService implementation that should be
      *     used for core authentication functions.
      *
+     * @param ssoResource
+     *     The SSOResource that should be used to manually redirect the user to
+     *     the IdP, as well as to provide any implementation-specific REST
+     *     endpoints.
+     *
      * @param modules
      *     Any additional modules that should be used when creating the Guice
      *     injector.
      */
     public SSOAuthenticationProvider(
             Class<? extends SSOAuthenticationProviderService> authService,
+            Class<? extends SSOResource> ssoResource,
             Iterable<? extends Module> modules) {
         injector = Guice.createInjector(Iterables.concat(Collections.singletonList(new AbstractModule() {
 
@@ -100,6 +112,7 @@ public abstract class SSOAuthenticationProvider extends AbstractAuthenticationPr
                 bind(AuthenticationProvider.class).toInstance(SSOAuthenticationProvider.this);
                 bind(Environment.class).toInstance(LocalEnvironment.getInstance());
                 bind(SSOAuthenticationProviderService.class).to(authService);
+                bind(SSOResource.class).to(ssoResource);
             }
 
         }), modules));
@@ -145,6 +158,11 @@ public abstract class SSOAuthenticationProvider extends AbstractAuthenticationPr
 
     }
 
+    @Override
+    public SSOResource getResource() {
+        return getInjector().getInstance(SSOResource.class);
+    }
+
     @Override
     public void shutdown() {
         injector.getInstance(SSOAuthenticationProviderService.class).shutdown();

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/SSOResource.java

@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.guacamole.auth.sso;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import org.apache.guacamole.GuacamoleException;
+
+/**
+ * REST API resource that provides allows the user to be manually redirected to
+ * the applicable identity provider. Implementations may also provide
+ * additional resources and endpoints beneath this resource as needed.
+ */
+public interface SSOResource {
+
+    /**
+     * Redirects the user to the relevant identity provider. If the SSO
+     * extension defining this resource is not the primary extension, and thus
+     * the user will not be automatically redirected to the IdP, this endpoint
+     * allows that redirect to occur manually upon a link/button click.
+     *
+     * @return
+     *     An HTTP Response that will redirect the user to the IdP.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs preventing the redirect from being created.
+     */
+    @GET
+    @Path("login")
+    public Response redirectToIdentityProvider() throws GuacamoleException;
+
+}

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/resources/html/sso-providers.html

@@ -0,0 +1,7 @@
+<meta name="after" content=".login-ui .login-dialog-middle">
+<div class="sso-providers">
+    <div class="sso-providers-content">
+        {{ 'LOGIN.SECTION_HEADER_SSO_OPTIONS' | translate }}
+        <ul class="sso-provider-list"></ul>
+    </div>
+</div>

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/resources/styles/sso-providers.css

@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+.login-ui .sso-providers {
+    display: none;
+}
+
+.login-ui .sso-providers:last-child {
+    display: table-row;
+}
+
+.sso-providers ul {
+    list-style: none;
+}
+
+.sso-providers ul, .sso-providers li {
+    display: inline-block;
+    margin: 0;
+    padding: 0;
+}
+
+.sso-providers li::before {
+    content: ' / ';
+}
+
+.sso-providers li:first-child::before {
+    display: none;
+}
+
+.sso-providers-content {
+    display: table-cell;
+    padding: 0.25em 0.5em;
+    height: 1px;
+}

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/resources/translations/en.json

@@ -13,10 +13,14 @@
     },
 
     "LOGIN" : {
-        "FIELD_HEADER_ID_TOKEN"     : "",
-        "FIELD_HEADER_STATE"        : "",
-        "FIELD_HEADER_TICKET"       : "",
-        "INFO_IDP_REDIRECT_PENDING" : "Please wait, redirecting to identity provider..."
+        "FIELD_HEADER_ID_TOKEN"      : "",
+        "FIELD_HEADER_STATE"         : "",
+        "FIELD_HEADER_TICKET"        : "",
+        "INFO_IDP_REDIRECT_PENDING"  : "Please wait, redirecting to identity provider...",
+        "NAME_IDP_CAS"               : "CAS",
+        "NAME_IDP_OPENID"            : "OpenID",
+        "NAME_IDP_SAML"              : "SAML",
+        "SECTION_HEADER_SSO_OPTIONS" : "Sign in with:"
     }
 
 }