aboutsummaryrefslogtreecommitdiff
path: root/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
diff options
context:
space:
mode:
Diffstat (limited to 'modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java')
-rw-r--r--modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java39
1 files changed, 35 insertions, 4 deletions
diff --git a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
index d3c93421..8fc54e39 100644
--- a/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
+++ b/modules/eidas_proxy-sevice/src/main/java/at/asitplus/eidas/specific/modules/msproxyservice/protocol/ProxyServiceAuthenticationAction.java
@@ -92,15 +92,17 @@ public class ProxyServiceAuthenticationAction implements IAction {
.statusCode(EidasConstants.SUCCESS_URI)
.build());
- // TODO: check if we can use transient subjectNameIds
- lightRespBuilder.subject(UUID.randomUUID().toString());
- lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
+ // build eIDAS attribute result
+ ImmutableAttributeMap eidasAttributes = buildAttributesFromAuthData(authData, eidasReq);
+
+ injectSubjectNameId(lightRespBuilder, eidasAttributes, eidasReq);
// TODO:
lightRespBuilder.issuer(basicConfig.getBasicConfiguration(
MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_NODE_ENTITYID));
lightRespBuilder.levelOfAssurance(authData.getEidasQaaLevel());
- lightRespBuilder.attributes(buildAttributesFromAuthData(authData, eidasReq));
+
+ lightRespBuilder.attributes(eidasAttributes);
// set SLO response object of EAAF framework
final SloInformationImpl sloInformation = new SloInformationImpl();
@@ -126,6 +128,7 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
+
@Override
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
return true;
@@ -422,4 +425,32 @@ public class ProxyServiceAuthenticationAction implements IAction {
}
}
+ private void injectSubjectNameId(Builder lightRespBuilder, ImmutableAttributeMap eidasAttributes,
+ ILightRequest eidasReq) {
+ if (NameIDType.PERSISTENT.equals(eidasReq.getNameIdFormat())) {
+ lightRespBuilder.subjectNameIdFormat(NameIDType.PERSISTENT);
+ final AttributeDefinition<?> attrDefPersonalId =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
+ final AttributeDefinition<?> attrDefJurPersonalId =
+ attrRegistry.getCoreRegistry().getCoreAttributeRegistry().getByFriendlyName(
+ EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first();
+
+ // set SubjectNameId as same as PersonalIdentifier
+ String subjectNameId = (String) eidasAttributes.getFirstValue(attrDefPersonalId);
+ if (subjectNameId != null) {
+ lightRespBuilder.subject(subjectNameId);
+
+ } else {
+ lightRespBuilder.subject((String) eidasAttributes.getFirstValue(attrDefJurPersonalId));
+
+ }
+
+ } else {
+ lightRespBuilder.subject(UUID.randomUUID().toString());
+ lightRespBuilder.subjectNameIdFormat(NameIDType.TRANSIENT);
+
+ }
+ }
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 19:58:33 +0000