author | Thomas <> | 2023-06-01 16:36:34 +0200 |
---|---|---|
committer | Thomas <> | 2023-06-05 16:56:56 +0200 |
commit | 8842e4ff602c5c7766c509d1c895b8e7e67fb732 (patch) | |
tree | d4c1a796fcc79504a93895c429d28653bcefe8fd /modules/eidas_proxy-sevice/src/main | |
parent | a760feffb1bd8ba49e482546f273ef16307d44d7 (diff) | |
download | National_eIDAS_Gateway-8842e4ff602c5c7766c509d1c895b8e7e67fb732.tar.gz National_eIDAS_Gateway-8842e4ff602c5c7766c509d1c895b8e7e67fb732.tar.bz2 National_eIDAS_Gateway-8842e4ff602c5c7766c509d1c895b8e7e67fb732.zip |
fix(proxyservice): use requested SubjectNameIdFormat in eIDAS SAML2 response
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main')
-rw-r--r-- | modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index d3c93421..8fc54e39 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -92,15 +92,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
         .statusCode(EidasConstants.SUCCESS_URI)
         .build());
 
-    // TODO: check if we can use transient subjectNameIds
-    lightRespBuilder.subject(UUID.randomUUID().toString());
-    lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
+    // build eIDAS attribute result
+    ImmutableAttributeMap eidasAttributes = buildAttributesFromAuthData(authData, eidasReq);
+
+    injectSubjectNameId(lightRespBuilder, eidasAttributes, eidasReq);
 
     // TODO:
     lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
         MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
     lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
-    lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
+
+    lightRespBuilder.attributes(eidasAttributes);
 
     // set SLO response object of EAAF framework
     final SloInformationImpl sloInformation = new SloInformationImpl();
@@ -126,6 +128,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
     }
   }
 
+  @Override
   public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
       HttpServletResponse httpResp) {
     return true;
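Review bot: `ImmutableAttributeMap eidasAttributes` is the one local in this stretch that is not declared `final`, while the neighbouring `final SloInformationImpl sloInformation` and the locals of the new helper are; `final ImmutableAttributeMap eidasAttributes = buildAttributesFromAuthData(authData, eidasReq);` keeps the style uniform. The comment `// build eIDAS attribute result` could also record why the map is now built before the subject is set, since the persistent SubjectNameId is derived from it, e.g. `// build eIDAS attributes first: a persistent SubjectNameId is taken from them`. The enclosing method starts and ends outside this hunk.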
@@ -422,4 +425,32 @@ public class ProxyServiceAuthenticationAction implements IAction {
     }
   }
 
+  private void injectSubjectNameId(Builder lightRespBuilder, ImmutableAttributeMap eidasAttributes,
+      ILightRequest eidasReq) {
+    if (NameIDType.PERSISTENT.equals(eidasReq.getNameIdFormat())) {
+      lightRespBuilder.subjectNameIdFormat(NameIDType.PERSISTENT);
+      final AttributeDefinition<?> attrDefPersonalId =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+      final AttributeDefinition<?> attrDefJurPersonalId =
+          attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+              EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
+
+      // set SubjectNameId as same as PersonalIdentifier
+      String subjectNameId = (String) eidasAttributes.getFirstValue(attrDefPersonalId);
+      if (subjectNameId != null) {
+        lightRespBuilder.subject(subjectNameId);
+
+      } else {
+        lightRespBuilder.subject((String) eidasAttributes.getFirstValue(attrDefJurPersonalId));
+
+      }
+
+    } else {
+      lightRespBuilder.subject(UUID.randomUUID().toString());
+      lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
+
+    }
+  }
+
 }
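Review bot: When a persistent NameID is requested and the attribute map holds neither a PersonalIdentifier nor a LegalPersonIdentifier, the else branch passes the null that `getFirstValue(attrDefJurPersonalId)` can return (the preceding `!= null` check already anticipates a missing value) straight into `lightRespBuilder.subject(...)`, so the response declares `NameIDType.PERSISTENT` with no subject value. Resolve the identifier first and reject the empty case explicitly, e.g. `if (subjectNameId == null) { subjectNameId = (String) eidasAttributes.getFirstValue(attrDefJurPersonalId); }` followed by `if (subjectNameId == null) { throw new IllegalStateException("persistent NameID requested but no PersonalIdentifier/LegalPersonIdentifier in response"); }`, or fall back to the transient branch with a warning log rather than emitting a half-built subject. The two `.first()` calls assume both core attribute definitions are present in `attrRegistry`, a field declared outside this hunk; a one-line comment such as `// both are mandatory core eIDAS attributes, so the registry is expected to hold them` would make that assumption visible, and the LegalPersonIdentifier lookup could move into the else branch where it is actually used. Any requested format other than PERSISTENT (including none) silently becomes TRANSIENT with a random UUID, which looks intentional as the default but deserves a comment on the else branch saying so.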