From 1f76d31e8e8f5a7bc6cd5694b989955ddc2ddc58 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 31 Mar 2022 13:00:02 +0200
Subject: feature(core): add deny-list for Spring DataBinder This mitigates possible RCE attacked called "Spring4Shell"
---
connector/src/main/resources/applicationContext.xml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'connector/src/main')
diff --git a/connector/src/main/resources/applicationContext.xml b/connector/src/main/resources/applicationContext.xml
index ec8e79f4..5c5e245c 100644
--- a/connector/src/main/resources/applicationContext.xml
+++ b/connector/src/main/resources/applicationContext.xml
@@ -28,6 +28,8 @@ + +
-- cgit v1.2.3
From 9c732c794b99e1bd64efd584f5becaae76025de0 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 31 Mar 2022 14:38:17 +0200
Subject: refactor(core): remove deprecated operations on openSAML4 API
---
.../eidas/specific/connector/config/PvpEndPointConfiguration.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'connector/src/main')
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
index c62cbeef..81c37bd0 100644
--- a/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/config/PvpEndPointConfiguration.java
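Review bot: The two lines added to `applicationContext.xml` carry no visible content in this view, and the commit message does not record which field patterns the DataBinder deny-list covers or how it reaches every binder. Spring's advice for this workaround is that a controller calling `setDisallowedFields` in its own `@InitBinder` method replaces a globally configured list, so any such controller needs the same patterns. A comment next to the new bean would help, for example `<!-- Spring4Shell mitigation: DataBinder deny-list; remove once Spring Framework is upgraded to a fixed release -->`.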
@@ -89,11 +89,11 @@ public class PvpEndPointConfiguration implements IPvp2BasicConfiguration {
 final SurName surname = Saml2Utils.createSamlObject(SurName.class);
 final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
- givenName.setName(getAndVerifyFromConfiguration(
+ givenName.setValue(getAndVerifyFromConfiguration(
 MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
- surname.setName(getAndVerifyFromConfiguration(
+ surname.setValue(getAndVerifyFromConfiguration(
 MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
- emailAddress.setAddress(getAndVerifyFromConfiguration(
+ emailAddress.setURI(getAndVerifyFromConfiguration(
 MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
 contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
@@ -121,7 +121,7 @@ public class PvpEndPointConfiguration implements IPvp2BasicConfiguration {
 MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
 orgUrl.setXMLLang(DEFAULT_XML_LANG);
- orgUrl.setValue(getAndVerifyFromConfiguration(
+ orgUrl.setURI(getAndVerifyFromConfiguration(
 MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
-- cgit v1.2.3
From 49a945fa17ee06f38ddada441df7a1f29c58e317 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 1 Apr 2022 21:47:48 +0200
Subject: feat(szr): add configuration property to activate/deactivate work-around for insertErnp in case of IDA mode
---
connector/src/main/resources/application.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'connector/src/main')
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index e7437840..73a258d7 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
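Review bot: In `PvpEndPointConfiguration.java`, `emailAddress.setURI(...)` and, in the second hunk, `orgUrl.setURI(...)` pass configuration strings straight into URI-typed metadata elements, and nothing in these hunks checks that the values are well-formed URIs. SAML metadata defines `EmailAddress` as a `mailto:` URI, so a bare address in `CONFIG_PROPS_METADATA_CONTACT_EMAIL` would be published unchanged. If `getAndVerifyFromConfiguration` (defined outside the hunk) only checks that the property is present, consider validating both values when the configuration is loaded, for example parsing them with `java.net.URI.create(...)` and prefixing `mailto:` where the scheme is missing. The enclosing methods start and end outside both hunks.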
@@ -100,7 +100,7 @@ eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject=false
 #Raw eIDAS Id data storage
 eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true
-
+eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida=true
 eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true
 eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true
-- cgit v1.2.3
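Review bot: The new `eidas.ms.auth.eIDAS.szrclient.workarounds.use.getidentitylink.for.ida=true` line replaces the blank separator, so it sits directly under the `#Raw eIDAS Id data storage` comment with no description of its own. The file ships the work-around switched on, and only the commit subject says it concerns insertErnp in IDA mode. Suggest keeping the blank line and adding a comment above the property such as `#Work-around for insertErnp in IDA mode; set to false to deactivate`, so operators can tell what they are changing.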