Diffstat (limited to 'modules/authmodule-eIDAS-v2/src')
4 files changed, 67 insertions, 5 deletions
|
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
index fa26e48f..80348f3d 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
@@ -78,6 +78,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
     validateSelectionWithState(pendingReq, countryCode);
 
     // build country-specific authentication request
+    buildNameIdPolicy(authnRequestBuilder, countryCode);
     buildLevelOfAssurance(pendingReq.getServiceProviderConfiguration(), authnRequestBuilder);
     buildProviderNameAndRequesterIdAttribute(pendingReq, authnRequestBuilder);
     buildRequestedAttributes(authnRequestBuilder);
@@ -320,6 +321,21 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor {
   }
 
+  private void buildNameIdPolicy(Builder authnRequestBuilder, String countryCode) {
+    String ccSpecificPolicy = basicConfig.getBasicConfiguration(
+        Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT + "." + countryCode.toLowerCase());
+
+    if (StringUtils.isNotEmpty(ccSpecificPolicy)) {
+      log.debug("Using specific nameIdFormat:{} to request: {}", ccSpecificPolicy, countryCode);
+      authnRequestBuilder.nameIdFormat(ccSpecificPolicy);
+
+    } else {
+      log.trace("Using default nameIdFormat to request: {}", countryCode);
+      authnRequestBuilder.nameIdFormat(
+          basicConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT));
+
+    }
+  }
 
   private void buildRequestedAttributes(Builder authnRequestBuilder) {
     // build and add requested attribute set 
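Review bot: `countryCode.toLowerCase()` in buildNameIdPolicy lower-cases with the JVM default locale, so the configuration key it builds is environment-dependent — under a Turkish default locale a code containing `I` (e.g. `IT`, `FI`) becomes dotless `ı`, no longer matches the configured `...nameIdFormat.<cc>` entry, and the request silently falls back to the default format; use `countryCode.toLowerCase(Locale.ROOT)` (adds a `java.util.Locale` import). The method has no Javadoc; a one-liner such as `/** Sets the requested NameIDFormat: the country-specific value under CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT + "." + cc if configured, otherwise the global default (possibly null). */` would document the fallback order. Since the global default is now applied only here and the GenerateAuthnRequestTask hunk drops it from the generic builder, any INationalEidProcessor that does not route through this class would send no NameIDFormat at all — presumably every processor extends AbstractEidProcessor, but that is worth confirming.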
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
index cf6ecb8d..82489e25 100644
--- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
+++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java
@@ -181,10 +181,6 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
     final LightRequest.Builder builder = LightRequest.builder();
     builder.id(UUID.randomUUID().toString());
 
-    // set nameIDFormat
-    builder.nameIdFormat(
-        authConfig.getBasicConfiguration(Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT));
-
     builder.citizenCountryCode(citizenCountryCode);
     builder.issuer(issuer);
     // Add country-specific information into eIDAS request
diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
index 761738aa..f9bca8e3 100644
--- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateAuthnRequestTaskTest.java
@@ -95,7 +95,8 @@ public class GenerateAuthnRequestTaskTest {
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
     basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat");
-    basicConfig.removeConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR);     
+    basicConfig.removeConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR);
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat.de");
 
   }
@@ -503,6 +504,48 @@ public class GenerateAuthnRequestTaskTest {
   }
 
   @Test
+  public void ccSpecificNameIdFormat() throws TaskExecutionException,
+      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
+    // set-up test
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "DE");
+    executionContext.put("selectedEnvironment", "prod");
+
+    String providerName = RandomStringUtils.randomAlphanumeric(10);
+    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
+
+    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat.de",
+        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+
+    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.endpoint", dynEndPoint);
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.forward.method", "GET");
+
+    // execute test
+    task.execute(pendingReq, executionContext);
+
+    // validate state
+    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
+    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
+    Assert.assertTrue("Wrong redirect endpoint",
+        ((String) httpResp.getHeaderValue("Location")).startsWith(dynEndPoint));
+
+    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);
+
+    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
+    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
+        eidasReq.getLevelOfAssurance());
+
+    Assert.assertEquals("Wrong req. attr. size", 8, eidasReq.getRequestedAttributes().size());
+
+    Assert.assertEquals("nameIdFormat", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+        eidasReq.getNameIdFormat());
+  }
+
+  @Test
   public void withEidasNodePostReqNotValidTemplate() throws TaskExecutionException,
       SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
     //set-up test
@@ -637,6 +680,9 @@ public class GenerateAuthnRequestTaskTest {
     String providerName = RandomStringUtils.randomAlphanumeric(10);
     pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
 
+    basicConfig.putConfigValue(
+        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat",
+        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
     basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
     basicConfig.putConfigValue(
         "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "false");
@@ -665,6 +711,8 @@ public class GenerateAuthnRequestTaskTest {
     Assert.assertNull("RequesterId found", eidasReq.getRequesterId());
     Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
     Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high", eidasReq.getLevelOfAssurance());
+    Assert.assertEquals("nameIdFormat", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
+        eidasReq.getNameIdFormat());
   }
diff --git a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
index 41f0fe7b..2cd19a01 100644
--- a/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
+++ b/modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties
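Review bot: ccSpecificNameIdFormat pins the country-specific key and the @@ -637 and @@ -665 hunks pin an explicitly configured default, but no test asserts `eidasReq.getNameIdFormat()` when neither key is configured — the state setUp leaves after the @@ -95 hunk removes both — which is the path that now hands `null` to `nameIdFormat(...)` in AbstractEidProcessor.buildNameIdPolicy. One more test in that configuration, asserting the expected request-level outcome (presumably a null format with the request still accepted), would guard the fallback this commit introduces. The configuration keys are spelled out as literals in three places here; deriving them from `Constants.CONFIG_PROP_EIDAS_NODE_NAMEIDFORMAT` (plus `".de"`) would keep the tests from drifting from the production lookup.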
@@ -40,6 +40,8 @@ eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true
 eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode
 eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high
+eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+
 
 eidas.ms.auth.eIDAS.szrclient.useTestService=true
 eidas.ms.auth.eIDAS.szrclient.endpoint.prod=
|
