authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-12 16:16:36 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-12 16:16:36 +0200
commit9a377f533a992d19fe264fbd9fd0b096504aba37 (patch)
treeebf6d4b6d17ab740ce70a302a3aa2de8b3c7345e
parent278b9c49645426ae7debfc6f649f2f6550464df0 (diff)
downloadmoa-id-spss-9a377f533a992d19fe264fbd9fd0b096504aba37.tar.gz
moa-id-spss-9a377f533a992d19fe264fbd9fd0b096504aba37.tar.bz2
moa-id-spss-9a377f533a992d19fe264fbd9fd0b096504aba37.zip
fix some interfederation problems
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java58
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java3
7 files changed, 90 insertions, 35 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 7a05d6497..215fd9a17 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -31,6 +31,7 @@ import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
@@ -241,6 +242,19 @@ public class InterfederationIDPAction extends BasicOAAction {
return Constants.STRUTS_ERROR_VALIDATION;
} else {
+
+ //set default Target interfederated nameID caluclation
+ if (getGeneralOA().isBusinessService()) {
+ IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber();
+ if (businessID == null) {
+ businessID = new IdentificationNumber();
+ onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID);
+ }
+ businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP");
+
+ } else
+ onlineapplication.setTarget("MOA-IDP");
+
postProcessSaveOnlineApplication(onlineapplication);
}
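Review bot: `businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP")` and `onlineapplication.setTarget("MOA-IDP")` overwrite whatever identification number or target the online application already has, although the comment calls this a default; if an existing value is meant to win, the assignment should be guarded on the current value being empty, and if the overwrite is intended the comment should say so. The literal `"MOA-IDP"` appears twice in the hunk and is presumably matched elsewhere when the interfederated nameID is derived, so it belongs in a named constant such as `private static final String INTERFEDERATION_TARGET = "MOA-IDP";` next to `Constants.PREFIX_WPBK`. The comment also has a typo: `//set default target for interfederated nameID calculation`. The enclosing method starts and ends outside the hunk.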
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e83718949..010aead55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
+import iaik.pki.PKIRuntimeException;
import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -1164,11 +1165,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
vtids, tpid);
// debug output
- // invokes the call
- Element domVsresp = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVsreq);
- // debug output
+ Element domVsresp = null;
+
+ try {
+ // invokes the call
+ domVsresp = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVsreq);
+ // debug output
+
+ } catch ( ServiceException e) {
+ Logger.error("Signature verification error. ", e);
+ Logger.error("Signed Data: " + session.getAuthBlock());
+ try {
+ Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+ } catch (TransformerException e1) {
+ e1.printStackTrace();
+
+ } catch (IOException e1) {
+ e1.printStackTrace();
+
+ }
+
+ throw e;
+ }
+
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
domVsresp).parseData();
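Review bot: On every signature-verification failure the new catch block writes the complete AuthBlock (`session.getAuthBlock()`) and the full serialized verify request into the error log; the AuthBlock is the citizen-signed data and presumably carries personal identifiers, so dumping it at ERROR level on a production IdP leaks that data into log files and log shipping. Keep `Logger.error("Signature verification error. ", e);`, but move the two payload dumps to `Logger.debug(...)` (or log only a hash of the AuthBlock) so they are available for troubleshooting without being on by default. The two `e1.printStackTrace()` calls bypass the logger entirely; replace them with `Logger.warn("Could not serialize VerifyRequest for logging.", e1);`. The enclosing method starts and ends outside the hunk.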
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 143a04dad..dca0958f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,7 +63,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
-import org.opensaml.DefaultBootstrap;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index a37026ab4..4eba83ad5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -222,8 +222,10 @@ public class DispatcherServlet extends AuthServlet{
}
}
- //HttpSession httpSession = req.getSession();
- //Map<String, IRequest> protocolRequests = null;
+ //get SSO Cookie for Request
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoId = ssomanager.getSSOSessionID(req);
+
IRequest protocolRequest = null;
try {
@@ -258,7 +260,8 @@ public class DispatcherServlet extends AuthServlet{
moduleAction = info.getAction(protocolRequest.requestedAction());
//create interfederated mOASession
- String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true);
+ String sessionID =
+ AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
req.getParameterMap().put(PARAM_SESSIONID, sessionID);
Logger.info("PreProcessing of SSO interfederation response complete. ");
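Review bot: `ssoId` here is the raw value of the client's SSO cookie, and `createInterfederatedSession(protocolRequest, true, ssoId)` uses it to pick an existing MOASession to reuse, but the cookie is only checked with `ssomanager.isValidSSOSession(ssoId, protocolRequest)` further down in the authentication branch, after this call. A stale or foreign cookie value is therefore used as a lookup key before its validity is known; validate it first, e.g. `String reuseSsoId = ssomanager.isValidSSOSession(ssoId, protocolRequest) ? ssoId : null;` and pass `reuseSsoId`, or document why the unvalidated ID is acceptable here. The surrounding try block and method extend beyond the hunk.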
@@ -318,16 +321,12 @@ public class DispatcherServlet extends AuthServlet{
}
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- SSOManager ssomanager = SSOManager.getInstance();
String moasessionID = null;
String newSSOSessionId = null;
AuthenticationSession moasession = null;
IAuthData authData = null;
-
- //get SSO Cookie for Request
- String ssoId = ssomanager.getSSOSessionID(req);
-
+
boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
if (needAuthentication) {
@@ -358,7 +357,7 @@ public class DispatcherServlet extends AuthServlet{
isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
- useSSOOA = oaParam.useSSO();
+ useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
//if a legacy request is used SSO should not be allowed, actually
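Review bot: `useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();` silently turns SSO handling on for every online application flagged as an interfederation IDP, even when its own SSO setting is off, and nothing in the hunk explains that override. Add a comment above the line, e.g. `// an interfederation IDP always takes part in SSO, because the federated session is bound to the local SSO session regardless of the OA's own SSO flag`, adjusted to the actual reason; if the per-OA SSO setting is still expected to disable SSO for such OAs this is a behaviour change worth calling out in the commit message. The enclosing method starts and ends outside the hunk.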
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 094cfa31f..f4f89a4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -130,7 +130,8 @@ public class SSOManager {
else {
if (protocolRequest != null &&
protocolRequest instanceof RequestImpl &&
- storedSession.isInterfederatedSSOSession()) {
+ storedSession.isInterfederatedSSOSession() &&
+ !storedSession.isAuthenticated()) {
if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
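Review bot: The new `!storedSession.isAuthenticated()` term changes when the interfederation branch runs, but the condition has no comment and the reason is not recoverable from the hunk. Add a note above the `if`, along the lines of `// an interfederated SSO session that is already authenticated is handled as a normal SSO session; only an unauthenticated one is forwarded to the interfederated IDP`, corrected to match the intended semantics. The enclosing method starts and ends outside the hunk.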
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 74a5e01ad..26922a13b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -215,7 +215,7 @@ public class AuthenticationSessionStoreage {
}
public static String getMOASessionSSOID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -643,22 +643,44 @@ public class AuthenticationSessionStoreage {
return result.get(0).getInderfederation().get(0);
}
- public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption {
- String id = Random.nextRandom();
- AuthenticationSession session = new AuthenticationSession(id);
- session.setAuthenticated(true);
- session.setAuthenticatedUsed(false);
-
- AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
- dbsession.setSessionid(id);
- dbsession.setAuthenticated(isAuthenticated);
- dbsession.setInterfederatedSSOSession(true);
+ public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption {
+ AuthenticatedSessionStore dbsession = null;
+
+ //search for active SSO session
+ if (MiscUtil.isNotEmpty(ssoID)) {
+ String moaSession = getMOASessionSSOID(ssoID);
+ if (MiscUtil.isNotEmpty(moaSession)) {
+ try {
+ dbsession = searchInDatabase(moaSession);
+
+ }catch (MOADatabaseException e) {
+
+ }
+ }
+ }
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ String id = null;
Date now = new Date();
- dbsession.setCreated(now);
+
+ //create new MOASession if any exists
+ if (dbsession == null) {
+ id = Random.nextRandom();
+ dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setCreated(now);
+
+ } else {
+ id = dbsession.getSessionid();
+
+ }
+
+ dbsession.setInterfederatedSSOSession(true);
+ dbsession.setAuthenticated(isAuthenticated);
dbsession.setUpdated(now);
+ AuthenticationSession session = new AuthenticationSession(id);
+ session.setAuthenticated(true);
+ session.setAuthenticatedUsed(false);
dbsession.setSession(SerializationUtils.serialize(session));
//add interfederation information
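Review bot: When an existing MOASession is found via `ssoID`, the hunk still builds a fresh `AuthenticationSession(id)` and serializes it into `dbsession.setSession(...)`, which replaces the stored session blob and drops whatever state that session already held; either deserialize and update the existing session or limit the reuse to the `AuthenticatedSessionStore` row, and state which in a comment. The `catch (MOADatabaseException e) { }` around `searchInDatabase(moaSession)` swallows the failure silently; at minimum write `Logger.info("No MOASession found for SSO ID " + ssoID + ", creating a new session.", e);` so a lookup problem is visible. `session.setAuthenticated(true)` also ignores the `isAuthenticated` parameter that `dbsession.setAuthenticated(isAuthenticated)` honours; this predates the change, but the rewrite is the place to align the two. The method continues past the hunk.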
@@ -682,18 +704,16 @@ public class AuthenticationSessionStoreage {
idp = new InterfederationSessionStore();
idp.setCreated(now);
idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
-
+ idp.setMoasession(dbsession);
+ idpList.add(idp);
+
}
-
AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
idp.setSessionIndex(extract.getSessionIndex());
idp.setUserNameID(extract.getNameID());
idp.setAttributesRequested(false);
idp.setQAALevel(extract.getQAALevel());
- idp.setMoasession(dbsession);
- idpList.add(idp);
-
-
+
//store AssertionStore element to Database
try {
MOASessionDBUtils.saveOrUpdate(dbsession);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 2a65366b8..5cfb1bb92 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -30,6 +30,7 @@ import java.util.List;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@@ -109,7 +110,7 @@ public class AuthenticatedSessionStore implements Serializable{
@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
private List<OldSSOSessionIDStore> oldssosessionids = null;
- @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
+ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER)
private List<InterfederationSessionStore> inderfederation = null;
@PrePersist
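Review bot: `fetch=FetchType.EAGER` on `inderfederation` has no comment, while the sibling `oldssosessionids` collection stays lazy, so the next reader cannot tell whether the difference is deliberate. If the reason is that `getInderfederation()` is read after the Hibernate session is closed (as the lookup in `AuthenticationSessionStoreage` suggests), say so above the annotation: `// loaded eagerly: the list is accessed on detached instances in AuthenticationSessionStoreage`. Eager loading of a one-to-many is also paid on every load of the entity, so the trade-off is worth a sentence in the commit message.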