| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-02 18:10:21 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2018-07-02 18:10:21 +0200 | 
| commit | 47ca9c6c93447788376ba53e394ed3116d5a3dcc (patch) | |
| tree | 84589a13c36c0af1dd7777cba370427b98b739ef /eaaf_modules/eaaf_module_pvp2_sp/src/main | |
| parent | 92cdbc5d83547b3c3326a2878f9e58a171ac13b3 (diff) | |
add requested attributes to PVP S-profile
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_sp/src/main')
2 files changed, 63 insertions, 4 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
index b0439775..7ddf05bd 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
@@ -2,11 +2,15 @@
  *******************************************************************************/
 package at.gv.egiz.eaaf.modules.pvp2.sp.api;
+import java.util.List;
+
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+
 /**
  * @author tlenz
  *
@@ -139,4 +143,29 @@ public interface IPVPAuthnRequestBuilderConfiguruation {
 	public Element getSubjectConformationDate();
+	/**
+	 * Get the EntityId of the SP in case of a SAML2 proxy use-case 
+	 * 
+	 * @return
+	 */
+	public String getScopeRequesterId();
+	
+	
+	/**
+	 * Get a FriendlyName for the SP that sends the request
+	 * 
+	 * @return
+	 */
+	public String getProviderName();
+	
+	
+	/**
+	 * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes
+	 * <br>
+	 * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes
+	 * 
+	 * @return
+	 */
+	public List<EAAFRequestedAttribute> getRequestedAttributes();
+	
 }
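Review bot: The three new Javadoc blocks leave `@return` empty and never say what an absent value means, although the builder side of this same commit treats a null/empty value as "omit the element" (`StringUtils.isNotEmpty` for the two strings, `!= null` for the list). I would state that contract on each accessor: `@return EntityID to carry in the AuthnRequest Scoping/RequesterID element, or null/empty when the request is not sent on behalf of another SP (no Scoping element is added then)` on `getScopeRequesterId()`, `@return value for the AuthnRequest ProviderName attribute, or null/empty to omit it` on `getProviderName()`, and `@return attributes to request via the eIDAS RequestedAttributes extension, or null when no such extension must be added` on `getRequestedAttributes()`. The summary of the last one speaks of a "Set" while the declared type is `List`; align the wording with the return type. The interface body starts before this hunk.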
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
index 9b02dc77..087504e6 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
@@ -3,6 +3,7 @@
 package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
 import java.security.NoSuchAlgorithmException;
+import java.util.List;
 import javax.servlet.http.HttpServletResponse;
@@ -10,6 +11,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -18,6 +20,8 @@ import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDPolicy;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.core.SubjectConfirmation;
 import org.opensaml.saml2.core.SubjectConfirmationData;
@@ -33,9 +37,12 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
 import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
 import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestExtensionBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
@@ -44,7 +51,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
  * @author tlenz
  *
  */
-@Service("PVPAuthnRequestBuilder")
+@Service("pvpAuthnRequestBuilder")
 public class PVPAuthnRequestBuilder {
 	private static final Logger log = LoggerFactory.getLogger(PVPAuthnRequestBuilder.class);
@@ -182,8 +189,31 @@ public class PVPAuthnRequestBuilder {
 		}
-		//TODO: implement requested attributes
-		//maybe: config.getRequestedAttributes();
+		
+		//set ProviderName
+		if (StringUtils.isNotEmpty(config.getProviderName()))
+				authReq.setProviderName(config.getProviderName());
+		
+		//set RequesterId in case of proxy mode
+		if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+			Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+			RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+			requesterId.setRequesterID(config.getScopeRequesterId());
+			scope.getRequesterIDs().add(requesterId );
+			authReq.setScoping(scope );
+			
+		}
+		
+		//add optional requested attributes
+		if (config.getRequestedAttributes() != null) {
+			List<EAAFRequestedAttribute> reqAttr = config.getRequestedAttributes();			
+			Extensions extenstions = new EAAFRequestExtensionBuilder().buildObject();			
+			EAAFRequestedAttributes reqAttributs = SAML2Utils.createSAMLObject(EAAFRequestedAttributes.class);
+			reqAttributs.getAttributes().addAll(reqAttr);			
+			extenstions.getUnknownXMLObjects().add(reqAttributs);			
+			authReq.setExtensions(extenstions );
+							
+		}
 //select message encoder
 IEncoder binding = null;
@@ -201,5 +231,5 @@ public class PVPAuthnRequestBuilder {
 		binding.encodeRequest(null, httpResp, authReq, 
 				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
 	}
-
+    
 }
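Review bot: The `config.getRequestedAttributes() != null` guard at the end of the hunk still emits an `Extensions` element with an empty `RequestedAttributes` child when the configured list is empty, and `authReq.setExtensions(extenstions )` overwrites any `Extensions` the request already carries instead of appending to it; nothing visible in this hunk sets extensions earlier, but the method body starts before the hunk, so I would guard for both cases as below. Everything added here — ProviderName, the Scoping/RequesterID and the requested-attribute list — ends up inside the request that the last hunk passes to `encodeRequest` together with `config.getAuthnRequestSigningCredential()`, presumably for signing, so the IdP will treat these values as authoritative; they come from configuration rather than the user, which is fine, but a `log.debug` line listing the requested attribute names would make an IdP that ignores or rejects the extension much easier to diagnose. The typos `extenstions` and `reqAttributs` are worth fixing while touching these lines.
```java
		//add optional requested attributes
		List<EAAFRequestedAttribute> reqAttr = config.getRequestedAttributes();
		if (reqAttr != null && !reqAttr.isEmpty()) {
			// reuse an Extensions element that is already present instead of replacing it
			Extensions extensions = authReq.getExtensions();
			if (extensions == null) {
				extensions = new EAAFRequestExtensionBuilder().buildObject();
				authReq.setExtensions(extensions);
			}
			EAAFRequestedAttributes reqAttributes = SAML2Utils.createSAMLObject(EAAFRequestedAttributes.class);
			reqAttributes.getAttributes().addAll(reqAttr);
			extensions.getUnknownXMLObjects().add(reqAttributes);
		}
		// … unchanged: select message encoder …
```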
