summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_sp/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_sp/src/main')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java29
-rw-r--r--eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java38
2 files changed, 63 insertions, 4 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
index b0439775..7ddf05bd 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/api/IPVPAuthnRequestBuilderConfiguruation.java
@@ -2,11 +2,15 @@
*******************************************************************************/
package at.gv.egiz.eaaf.modules.pvp2.sp.api;
+import java.util.List;
+
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+
/**
* @author tlenz
*
@@ -139,4 +143,29 @@ public interface IPVPAuthnRequestBuilderConfiguruation {
public Element getSubjectConformationDate();
+ /**
+ * Get the EntityId of the SP in case of a SAML2 proxy use-case
+ *
+ * @return
+ */
+ public String getScopeRequesterId();
+
+
+ /**
+ * Get a FriendlyName for the SP that sends the request
+ *
+ * @return
+ */
+ public String getProviderName();
+
+
+ /**
+ * Get a Set of SAML2 attributes that are requested by using SAML2 requested attributes
+ * <br>
+ * <b>Info:</b> Attributes are requested by using eIDAS SAML2 extension for requested attributes
+ *
+ * @return
+ */
+ public List<EAAFRequestedAttribute> getRequestedAttributes();
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
index 9b02dc77..087504e6 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
@@ -3,6 +3,7 @@
package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
import java.security.NoSuchAlgorithmException;
+import java.util.List;
import javax.servlet.http.HttpServletResponse;
@@ -10,6 +11,7 @@ import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
@@ -18,6 +20,8 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
@@ -33,9 +37,12 @@ import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestExtensionBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
@@ -44,7 +51,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
* @author tlenz
*
*/
-@Service("PVPAuthnRequestBuilder")
+@Service("pvpAuthnRequestBuilder")
public class PVPAuthnRequestBuilder {
private static final Logger log = LoggerFactory.getLogger(PVPAuthnRequestBuilder.class);
@@ -182,8 +189,31 @@ public class PVPAuthnRequestBuilder {
}
- //TODO: implement requested attributes
- //maybe: config.getRequestedAttributes();
+
+ //set ProviderName
+ if (StringUtils.isNotEmpty(config.getProviderName()))
+ authReq.setProviderName(config.getProviderName());
+
+ //set RequesterId in case of proxy mode
+ if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+ Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+ RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+ requesterId.setRequesterID(config.getScopeRequesterId());
+ scope.getRequesterIDs().add(requesterId );
+ authReq.setScoping(scope );
+
+ }
+
+ //add optional requested attributes
+ if (config.getRequestedAttributes() != null) {
+ List<EAAFRequestedAttribute> reqAttr = config.getRequestedAttributes();
+ Extensions extenstions = new EAAFRequestExtensionBuilder().buildObject();
+ EAAFRequestedAttributes reqAttributs = SAML2Utils.createSAMLObject(EAAFRequestedAttributes.class);
+ reqAttributs.getAttributes().addAll(reqAttr);
+ extenstions.getUnknownXMLObjects().add(reqAttributs);
+ authReq.setExtensions(extenstions );
+
+ }
//select message encoder
IEncoder binding = null;
@@ -201,5 +231,5 @@ public class PVPAuthnRequestBuilder {
binding.encodeRequest(null, httpResp, authReq,
endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
}
-
+
}