From d2dec4601c41131c3ca509a8f7907b91af0ba2a6 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 19 Dec 2022 15:50:38 +0100
Subject: feat(eidas-connector): support not-notified LoA - not-notified LoA is currently used by Ukraine
---
 .../connector/verification/AuthnRequestValidator.java | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'ms_specific_connector/src/main/java/at/asitplus/eidas/specific')
diff --git a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
index 23702264..0452353a 100644
--- a/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
+++ b/ms_specific_connector/src/main/java/at/asitplus/eidas/specific/connector/verification/AuthnRequestValidator.java
@@ -58,7 +58,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
 import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
-import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance;
+import eu.eidas.auth.commons.protocol.eidas.NotifiedLevelOfAssurance;
 public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
@@ -266,13 +266,13 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 final List reqLoA = extractLoA(authnReq);
 log.trace("SP requests LoA with: {}", String.join(", ", reqLoA));
- LevelOfAssurance minimumLoAFromConfig = LevelOfAssurance.fromString(basicConfig.getBasicConfiguration(
- MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
- EaafConstants.EIDAS_LOA_HIGH));
+ NotifiedLevelOfAssurance minimumLoAFromConfig = NotifiedLevelOfAssurance.fromString(
+ basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL,
+ EaafConstants.EIDAS_LOA_HIGH));
 if (minimumLoAFromConfig == null) {
 log.warn("Can not load minimum LoA from configuration. Use LoA: {} as default", EaafConstants.EIDAS_LOA_HIGH);
- minimumLoAFromConfig = LevelOfAssurance.HIGH;
+ minimumLoAFromConfig = NotifiedLevelOfAssurance.HIGH;
 }
@@ -281,7 +281,7 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 final List allowedLoA = new ArrayList<>();
 for (final String loa : reqLoA) {
 try {
- final LevelOfAssurance intLoa = LevelOfAssurance.fromString(loa);
+ final NotifiedLevelOfAssurance intLoa = NotifiedLevelOfAssurance.fromString(loa);
 String selectedLoA = EaafConstants.EIDAS_LOA_HIGH;
 if (intLoa != null && intLoa.numericValue() <= minimumLoAFromConfig.numericValue()) {
@@ -340,11 +340,13 @@ public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 } else { result.add(authContext.getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); + } } else if (authContext.getComparison().equals(AuthnContextComparisonTypeEnumeration.EXACT)) { for (final AuthnContextClassRef el : authContext.getAuthnContextClassRefs()) { result.add(el.getAuthnContextClassRef()); + } } else {
-- cgit v1.2.3
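Review bot: In the `@@ -266,13` hunk the fallback branch for `minimumLoAFromConfig == null` warns without naming the configured value that was rejected, so a typo or a non-notified LoA URI placed in `PROP_EIDAS_REQUEST_LOA_MINIMUM_LEVEL` is hard to spot in the logs. Defaulting to `NotifiedLevelOfAssurance.HIGH` is the fail-closed direction and should stay; I would read the property into a local first and include it in the message, e.g. `log.warn("Can not parse minimum LoA '{}' from configuration. Use LoA: {} as default", configuredLoA, EaafConstants.EIDAS_LOA_HIGH);`. A one-line comment above the parse, `// minimum level must be a notified eIDAS LoA; anything else falls back to HIGH`, would record that restriction for whoever edits the configuration next. The enclosing method starts and ends outside the hunk.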
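Review bot: In the `@@ -281,7` hunk a requested LoA that `NotifiedLevelOfAssurance.fromString(loa)` does not recognise leaves `intLoa` null, and from the visible lines `selectedLoA` then stays at `EaafConstants.EIDAS_LOA_HIGH` without any log entry. Given the commit subject, that presumably now covers non-notified LoA URIs sent by an SP, so the silent upgrade deserves a comment such as `// unknown or non-notified LoA cannot be ranked via numericValue(); keep HIGH so a request is never downgraded`, plus a `log.debug("Requested LoA: {} is not a notified level. Use LoA: {}", loa, selectedLoA);` on the null path. The body of the `if` and the `catch` belonging to this `try` lie outside the hunk, so whether `fromString` can also throw for such input is not visible here.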