From 13952dddd85fc08115f963b259885b5c9b7f2b57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Mar 2019 08:53:50 +0100 Subject: fix attribute escaping problem in SimpleIdentityLinkAssertionParser this fix can be deactivated by property: 'configuration.bugfix.enable.idl.escaping' to get backward compatibility --- .../builder/AbstractAuthenticationDataBuilder.java | 24 +++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index 3ba2c2cf..f578afd8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -60,7 +60,10 @@ import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; public abstract class AbstractAuthenticationDataBuilder implements IAuthenticationDataBuilder { - private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationDataBuilder.class); + + public static final String CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING = "configuration.bugfix.enable.idl.escaping"; + protected Collection includedToGenericAuthData = null; @Autowired protected IConfiguration basicConfig; @@ -384,10 +387,25 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); + /* GivenNames and FamilyNames with simple Apostrophe were escaped with ' + * in IdentityLinkParser since 5 years. This feature was bug-fix for an SL1.0 AuthBlock problem. + * However, the authentication attributes (SAML2, eIDAS, OpenID-Connect) also includes this escaped values, + * but there it is not neccesary. We fix this problem in 3.4.3, but the fix can be deactivated + * for dependency reasons. + */ + if (basicConfig.getBasicMOAIDConfigurationBoolean(CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING, false)) { + authData.setGivenName(identityLink.getGivenName().replaceAll("'", "'")); + authData.setFamilyName(identityLink.getFamilyName().replaceAll("'", "'")); + + } else { + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + + } + authData.setDateOfBirth(identityLink.getDateOfBirth()); + //remove corresponding keys from genericSessionData if exists includedGenericSessionData.remove(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME); includedGenericSessionData.remove(PVPAttributeDefinitions.GIVEN_NAME_NAME); -- cgit v1.2.3