diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-12 07:54:41 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-12 07:54:41 +0200 |
| commit | 52a29dc86a57a4a998de94cdf6402f40f4a9fd39 (patch) | |
| tree | accfb49ca7dbc5db130ddf91139e8cd4b1ed416a | |
| parent | 64ef43d992ffd7cfd5f571b1922ad0d32ef668ad (diff) | |
| download | moa-id-spss-52a29dc86a57a4a998de94cdf6402f40f4a9fd39.tar.gz moa-id-spss-52a29dc86a57a4a998de94cdf6402f40f4a9fd39.tar.bz2 moa-id-spss-52a29dc86a57a4a998de94cdf6402f40f4a9fd39.zip | |
use SAML2 relaystate as additional MOA session binding feature
2 files changed, 17 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 4709f8c68..e7abf0f9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1877,6 +1877,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); VelocityContext context = new VelocityContext(); context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml())); + context.put("RelayState", moasession.getSessionID()); context.put("action", destination); StringWriter writer = new StringWriter(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 024944c72..25749c8bc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -114,18 +114,28 @@ public class PEPSConnectorServlet extends AuthServlet { //check if https or only http
super.checkIfHTTPisAllowed(request.getRequestURL().toString());
- Logger.debug("Trying to find MOA Session-ID");
+ Logger.debug("Trying to find MOA Session-ID ...");
String moaSessionID = request.getParameter(PARAM_SESSIONID);
// escape parameter strings
moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
if (StringUtils.isEmpty(moaSessionID)) {
- //No authentication session has been started before
- Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
- Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
- throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
- }
+ //check if SAML2 relaystate includes a MOA sessionID
+ moaSessionID = request.getParameter("RelayState");
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
+
+ if (StringUtils.isEmpty(moaSessionID)) {
+ //No authentication session has been started before
+ Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+ Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+ throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+ } else
+ Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+ } else
+ Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
|