authorThomas <>2023-06-01 16:36:34 +0200
committerThomas <>2023-06-05 16:56:56 +0200
commit8842e4ff602c5c7766c509d1c895b8e7e67fb732 (patch)
treed4c1a796fcc79504a93895c429d28653bcefe8fd /modules/eidas_proxy-sevice/src/main
parenta760feffb1bd8ba49e482546f273ef16307d44d7 (diff)
fix(proxyservice): use requested SubjectNameIdFormat in eIDAS SAML2 response
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java39
1 files changed, 35 insertions, 4 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index d3c93421..8fc54e39 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -92,15 +92,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
.statusCode(EidasConstants.SUCCESS_URI)
.build());
- // TODO: check if we can use transient subjectNameIds
- lightRespBuilder.subject(UUID.randomUUID().toString());
- lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
+ // build eIDAS attribute result
+ ImmutableAttributeMap eidasAttributes = buildAttributesFromAuthData(authData, eidasReq);
+
+ injectSubjectNameId(lightRespBuilder, eidasAttributes, eidasReq);
// TODO:
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
- lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
+
+ lightRespBuilder.attributes(eidasAttributes);
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
@@ -126,6 +128,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
+
@Override
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
return true;
@@ -422,4 +425,32 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
+ private void injectSubjectNameId(Builder lightRespBuilder, ImmutableAttributeMap eidasAttributes,
+ ILightRequest eidasReq) {
+ if (NameIDType.PERSISTENT.equals(eidasReq.getNameIdFormat())) {
+ lightRespBuilder.subjectNameIdFormat(NameIDType.PERSISTENT);
+ final AttributeDefinition<?> attrDefPersonalId =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+ final AttributeDefinition<?> attrDefJurPersonalId =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
+
+ // set SubjectNameId as same as PersonalIdentifier
+ String subjectNameId = (String) eidasAttributes.getFirstValue(attrDefPersonalId);
+ if (subjectNameId != null) {
+ lightRespBuilder.subject(subjectNameId);
+
+ } else {
+ lightRespBuilder.subject((String) eidasAttributes.getFirstValue(attrDefJurPersonalId));
+
+ }
+
+ } else {
+ lightRespBuilder.subject(UUID.randomUUID().toString());
+ lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
+
+ }
+ }
+
}
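Review bot: In injectSubjectNameId's PERSISTENT branch the fallback on the `else` path passes `eidasAttributes.getFirstValue(attrDefJurPersonalId)` straight to `subject(...)`, so a response for which neither PersonalIdentifier nor LegalPersonIdentifier was built ends up with a null subject while still carrying `NameIDType.PERSISTENT`; it would be safer to reject that case explicitly, e.g. `final String legalId = (String) eidasAttributes.getFirstValue(attrDefJurPersonalId);` / `if (legalId == null) { throw new IllegalStateException("PERSISTENT NameID requested but no person identifier attribute is available"); }` / `lightRespBuilder.subject(legalId);` (or the project's own exception type used elsewhere in this action). The two `.first()` calls on the registry lookups presumably throw if the friendly name is not registered, which seems intended but is worth a one-line comment. The helper also lacks a Javadoc; I would add one stating that it sets the subject NameID to the persistent eIDAS identifier only when the request asks for `NameIDType.PERSISTENT`, and falls back to a fresh random transient identifier for every other requested format, so that the tie between the SAML subject and the identifier attribute is documented.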