summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_idp/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java54
1 files changed, 15 insertions, 39 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
index 93ffa789..ee0eee0a 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPVP2XProtocol.java
@@ -19,9 +19,7 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.security.SecurityPolicyException;
@@ -35,7 +33,6 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
@@ -47,6 +44,7 @@ import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPVPRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
@@ -61,7 +59,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AuthnRequestValidator;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
@@ -70,8 +67,11 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
@Autowired(required=true) protected IPVP2BasicConfiguration pvpBasicConfiguration;
@Autowired(required=true) protected IPVPMetadataProvider metadataProvider;
@Autowired(required=true) protected SAMLVerificationEngine samlVerificationEngine;
+ @Autowired(required=true) protected IAuthnRequestValidator authRequestValidator;
private AbstractCredentialProvider pvpIDPCredentials;
+
+
/**
* Sets a specific credential provider for PVP S-Profile IDP component.
@@ -470,42 +470,14 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
}
}
-
- //select AttributeConsumingService from request
- AttributeConsumingService attributeConsumer = null;
- Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
- int attributeIdx = 0;
-
- if(aIdx != null) {
- attributeIdx = aIdx.intValue();
- }
-
- if (spSSODescriptor.getAttributeConsumingServices() != null &&
- spSSODescriptor.getAttributeConsumingServices().size() > 0) {
- attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- }
-
+
//validate AuthnRequest
- AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
- AuthnRequestValidator.validate(authReq);
-
-// String useMandate = request.getParameter(PARAM_USEMANDATE);
-// if(useMandate != null) {
-// if(useMandate.equals("true") && attributeConsumer != null) {
-// if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-// throw new MandateAttributesNotHandleAbleException();
-// }
-// }
-// }
-
+ AuthnRequest authReq = (AuthnRequest) samlReq;
String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-
- log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
-
- pendingReq.setSPEntityId(oaURL);
- pendingReq.setOnlineApplicationConfiguration(oa);
+ log.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
+
+ pendingReq.setSPEntityId(StringEscapeUtils.escapeHtml(oaURL));
+ pendingReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(pendingReq.getSPEntityId()));
pendingReq.setBinding(consumerService.getBinding());
pendingReq.setRequest(moaRequest);
pendingReq.setConsumerURL(consumerService.getLocation());
@@ -513,13 +485,17 @@ public abstract class AbstractPVP2XProtocol extends AbstractAuthProtocolModulCon
//parse AuthRequest
pendingReq.setPassiv(authReq.isPassive());
pendingReq.setForce(authReq.isForceAuthn());
-
+
//AuthnRequest needs authentication
pendingReq.setNeedAuthentication(true);
//set protocol action, which should be executed after authentication
pendingReq.setAction(AuthenticationAction.class.getName());
+ log.trace("Starting extended AuthnRequest validation and processing ... ");
+ authRequestValidator.validate(request, pendingReq, authReq, spSSODescriptor);
+ log.debug("Extended AuthnRequest validation and processing finished");
+
//write revisionslog entry
revisionsLogger.logEvent(pendingReq, PVPEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);