From 47ca9c6c93447788376ba53e394ed3116d5a3dcc Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 2 Jul 2018 18:10:21 +0200
Subject: add requested attributes to PVP S-profile
---
 .../pvp2/sp/impl/PVPAuthnRequestBuilder.java | 38 +++++++++++++++++++---
 1 file changed, 34 insertions(+), 4 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
index 9b02dc77..087504e6 100644
--- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PVPAuthnRequestBuilder.java
@@ -3,6 +3,7 @@ package at.gv.egiz.eaaf.modules.pvp2.sp.impl;
 import java.security.NoSuchAlgorithmException;
+import java.util.List;
 import javax.servlet.http.HttpServletResponse;
@@ -10,6 +11,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -18,6 +20,8 @@ import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDPolicy;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.core.SubjectConfirmation;
 import org.opensaml.saml2.core.SubjectConfirmationData;
@@ -33,9 +37,12 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
 import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
 import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EAAFRequestExtensionBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
@@ -44,7 +51,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
  * @author tlenz
  *
  */
-@Service("PVPAuthnRequestBuilder")
+@Service("pvpAuthnRequestBuilder")
 public class PVPAuthnRequestBuilder {
 private static final Logger log = LoggerFactory.getLogger(PVPAuthnRequestBuilder.class);
@@ -182,8 +189,31 @@ public class PVPAuthnRequestBuilder {
 }
-    //TODO: implement requested attributes
-    //maybe: config.getRequestedAttributes();
+
+   //set ProviderName
+   if (StringUtils.isNotEmpty(config.getProviderName()))
+     authReq.setProviderName(config.getProviderName());
+
+   //set RequesterId in case of proxy mode
+   if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+     Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+     RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+     requesterId.setRequesterID(config.getScopeRequesterId());
+     scope.getRequesterIDs().add(requesterId );
+     authReq.setScoping(scope );
+
+   }
+
+   //add optional requested attributes
+   if (config.getRequestedAttributes() != null) {
+     List reqAttr = config.getRequestedAttributes();
+     Extensions extenstions = new EAAFRequestExtensionBuilder().buildObject();
+     EAAFRequestedAttributes reqAttributs = SAML2Utils.createSAMLObject(EAAFRequestedAttributes.class);
+     reqAttributs.getAttributes().addAll(reqAttr);
+     extenstions.getUnknownXMLObjects().add(reqAttributs);
+     authReq.setExtensions(extenstions );
+
+   }
 //select message encoder
 IEncoder binding = null;
@@ -201,5 +231,5 @@ public class PVPAuthnRequestBuilder {
 binding.encodeRequest(null, httpResp, authReq, endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
 }
-
+
 }
-- 
cgit v1.2.3
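Review bot: `List reqAttr = config.getRequestedAttributes();` declares a raw `List`, so `reqAttributs.getAttributes().addAll(reqAttr)` compiles only with an unchecked warning and the compiler never verifies that the configured elements are actually `EAAFRequestedAttribute` instances; `List<EAAFRequestedAttribute> reqAttr = config.getRequestedAttributes();` keeps the check and gives the `EAAFRequestedAttribute` import added in this commit a use in the hunks shown here, assuming the configuration getter already returns that element type. The guard calls `config.getRequestedAttributes()` twice and accepts an empty list, which would still attach an `Extensions` element carrying an empty `RequestedAttributes` child to the AuthnRequest; reading the getter once into the local and testing `reqAttr != null && !reqAttr.isEmpty()` avoids both. The locals `extenstions` and `reqAttributs` are misspelled (`extensions`, `reqAttributes`), and the braceless `if` before `authReq.setProviderName` is out of step with the braced blocks that follow it. The enclosing method starts before this hunk and continues past it.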