authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-29 08:13:34 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-29 08:13:34 +0100
commitbbeef4d494f2af3b60a8093258887e4223dbe5d7 (patch)
treec4395211b8608b4952393b21a849131a8bd6cef2
parentb77f94b81123ddf50ea02fd893254579dc220880 (diff)
Fix problem in SAML2 AuthnRequestValidator
-rw-r--r--id/history.txt1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java24
3 files changed, 17 insertions, 11 deletions
diff --git a/id/history.txt b/id/history.txt
index c0b12dd1c..8d1495e30 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -8,6 +8,7 @@ Version MOA-ID Release 3.3.0: Änderungen seit Version MOA-ID 3.2.3
- Anpassungen des BKU Auswahl(OnlineBKU entfernt, Detection der lokalen BKU hinzugefügt)
- Anpassungen der Konfigurationsoberfläche (OnlineBKU entfernt)
- Bugfix - Problem mit openSAML welches unsignierte SAML2 AuthnRequests bei Redirect Binding ermöglicht
+ - Bugfix - Nicht spezifikationskonforme Validierung PVP2 AuthnRequest bezüglich NameIDPolicy
- Bugfix - Ungültig kodierter PVP2 Attributwert 'MANDATOR-NATURAL-PERSON-BPK'
- Bugfix - Updates an Endpunten um Cross-Site-Scripting (XSS) zu verhindern
- Code-Cleaning von unbenutzen Methoden und Klassen
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 45539da3f..196aa47af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -373,7 +373,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
//get NameIDFormat from request
AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
- if (authnReq.getNameIDPolicy() != null) {
+ if (authnReq.getNameIDPolicy() != null &&
+ MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
nameIDFormat = authnReq.getNameIDPolicy().getFormat();
} else {
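Review bot: The "no Format given" predicate here does not match the one the same commit adds to AuthnRequestValidator: this hunk uses `MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())`, so an empty Format falls through to the default branch, while the validator only tests `nameIDFormat != null` and would reject an empty Format with NameIDFormatNotSupportedException. Whichever one is intended, the two should use the same test so the builder never has to make a policy decision on a value the validator did not explicitly admit; if the validator is meant to stay fail-closed, `authnReq.getNameIDPolicy().getFormat() != null` here is the matching condition, otherwise move the validator to `MiscUtil.isNotEmpty` as well. A one-line comment above the condition, `// Format omitted in NameIDPolicy: fall back to the configured default format`, would record why the empty case is treated as absent. The enclosing method starts and ends outside the hunk.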
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index ab8fab5d1..4ae89466d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -28,6 +28,7 @@ import org.opensaml.saml2.core.NameIDPolicy;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* @author tlenz
@@ -41,17 +42,20 @@ public class AuthnRequestValidator {
NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
if (nameIDPolicy != null) {
String nameIDFormat = nameIDPolicy.getFormat();
-
- if ( !(nameIDFormat != null &&
- (NameID.TRANSIENT.equals(nameIDFormat) ||
- NameID.PERSISTENT.equals(nameIDFormat) ||
- NameID.UNSPECIFIED.equals(nameIDFormat))) ) {
-
- throw new NameIDFormatNotSupportedException(nameIDFormat);
+ if (nameIDFormat != null) {
+ if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+ NameID.PERSISTENT.equals(nameIDFormat) ||
+ NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
- }
- }
-
+ throw new NameIDFormatNotSupportedException(nameIDFormat);
+
+ }
+
+ } else
+ Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
+ } else
+ Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
}
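Review bot: The two new `} else` branches at the end of the hunk are unbraced and sit at nesting levels that only indentation distinguishes, which makes it easy to misread which `if` each `else` belongs to; brace both, e.g. `} else { Logger.trace("NameIDPolicy present but no Format given, treating as unspecified"); }`, which also replaces the oddly worded `"Find NameIDPolicy, but NameIDFormat is 'null'"` with a message that says what the code then does. Accepting a NameIDPolicy whose Format is absent matches SAML Core 2.0 §3.4.1.1, where an omitted Format means the requester expresses no preference, but the check only admits `nameIDFormat != null`, so an empty Format string is still rejected with `NameIDFormatNotSupportedException("")` — fail-closed, yet inconsistent with the builder hunk in this commit that uses MiscUtil.isNotEmpty; pick one predicate for both sites. A Javadoc on the method stating that TRANSIENT, PERSISTENT, UNSPECIFIED and an omitted Format are accepted and everything else throws NameIDFormatNotSupportedException would capture the spec reference the changelog entry alludes to; the method signature is outside the hunk.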