aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-08 09:29:16 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-08 09:29:16 +0200
commit206f283585a28009bb8276f78e7ea1d95298fd8c (patch)
tree44de251b31d98cd6fe8d15a46207cf66d2aa996f
parentcdbfcdbdf4b0a55071f1aad9e514a5024563ddea (diff)
downloadmoa-id-spss-206f283585a28009bb8276f78e7ea1d95298fd8c.tar.gz
moa-id-spss-206f283585a28009bb8276f78e7ea1d95298fd8c.tar.bz2
moa-id-spss-206f283585a28009bb8276f78e7ea1d95298fd8c.zip
AuthData Generierung von VerifyAuthBlock nach GenerateSAMLArtifact verschoben.
Die daraus erforderlichen PVP2 Änderungen sind zu prüfen!!!!
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java173
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java18
13 files changed, 194 insertions, 147 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 14bb53eb7..1d71fd228 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -115,6 +115,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -2406,17 +2407,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* while building the <code>&lt;saml:Assertion&gt;</code>
*/
public static AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
+ AuthenticationSession session, OAAuthParameter oaParam, String target)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
AuthenticationData authData = new AuthenticationData();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+ boolean useUTC = oaParam.getUseUTC();
+ boolean isForeigner = session.isForeigner();
boolean businessService = oaParam.getBusinessService();
+
authData.setMajorVersion(1);
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
@@ -2473,7 +2477,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// only compute bPK if online application is a public service and we have the Stammzahl
if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
String bpkBase64 = new BPKBuilder().buildBPK(
- identityLink.getIdentificationValue(), session.getTarget());
+ identityLink.getIdentificationValue(), target);
authData.setBPK(bpkBase64);
}
}
@@ -2482,7 +2486,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (businessService) {
//since we have foreigner, wbPK is not calculated in BKU
if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier());
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
authData.setWBPK(wbpkBase64);
}
@@ -2490,7 +2494,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
// only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget());
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target);
authData.setBPK(bpkBase64);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 897933ea0..fb45e517d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -265,8 +265,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//TODO: load special text from OAconfig
- String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
- //String text = "";
+ //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ String text = "";
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index fa9789530..de86a4f05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.security.MessageDigest;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -89,6 +91,16 @@ public class BPKBuilder {
new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
}
+
+ if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) {
+ // If domainIdentifier starts with prefix
+ // "urn:publicid:gv.at:wbpk+"; remove this prefix
+ registerAndOrdNr = registerAndOrdNr
+ .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
+ + registerAndOrdNr);
+ }
+
String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 2e07a39a7..63ad62662 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -105,8 +105,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
// no target attribut is given in OA config
// target is used from request
// check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+
} else {
// use target from config
target = targetConfig;
@@ -223,7 +224,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
target = request.getTarget();
parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
-
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 93bc0d214..e77dd30d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -243,8 +243,8 @@ public class CreateXMLSignatureResponseValidator {
String samlSpecialText = (String)samlAttribute.getValue();
//TODO:load Text from OA config
- String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
- //String text = "";
+ //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ String text = "";
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
if (!samlSpecialText.equals(specialText)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 5342cd0d3..abfb4a1c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -256,6 +256,7 @@ public class DispatcherServlet extends AuthServlet {
RequestStorage.removePendingRequest(httpSession);
+
authmanager.logout(req, resp);
} catch (Throwable e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 91b88acb9..f63b0049f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -10,4 +10,6 @@ public interface IRequest {
public void setModule(String module);
public void setAction(String action);
public String getTarget();
+
+ //public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
index 18f981243..a2f46694f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -110,16 +110,13 @@ public class CitizenTokenBuilder {
//TL: AuthData generation is moved out from VerifyAuthBlockServlet
try {
+ //TODO: LOAD oaParam from request and not from MOASession in case of SSO
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
+ .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
- AuthenticationData authData;
-
- authData = AuthenticationServer.buildAuthenticationData(authSession,
- authSession.getXMLVerifySignatureResponse(),
- useUTC,
- authSession.isForeigner());
+ AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
+ oaParam,
+ authSession.getTarget());
Attribute pvpVersion = buildPVPVersion("2.1");
Attribute secClass = buildSecClass(3);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 6b35d7640..86e941db7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -102,14 +102,14 @@ public class AuthnRequestHandler implements IRequestHandler {
//TL: AuthData generation is moved to Assertion generation.
+
+ //TODO: LOAD oaParam from request and not from MOASession in case of SSO
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
- authSession.getXMLVerifySignatureResponse(),
- useUTC,
- authSession.isForeigner());
+ AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
+ oaParam,
+ authSession.getTarget());
//TL: getIdentificationValue holds the baseID --> change to pBK
//subjectNameID.setValue(authData.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index de87ebc50..3634c9983 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -13,6 +13,9 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -29,27 +32,48 @@ public class GetArtifactAction implements IAction {
AuthenticationManager authmanager = AuthenticationManager.getInstance();
AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
- String oaURL = (String) httpReq.getAttribute(PARAM_OA);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// String oaURL = (String) httpReq.getAttribute(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ String oaURL = (String) req.getOAURL();
+ String target = (String) req.getTarget();
+
try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
+
+
+ if (oaURL == null) {
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
-
- if (oaURL == null) {
- oaURL = session.getOAURLRequested();
}
-
- if (oaURL == null) {
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
- }
-
+
+
+ // if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+
+
+ // TODO: Support Mandate MODE!
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ // builds authentication data and stores it together with a SAML
+ // artifact
+
+ //TODO: check, if this is correct!!!!
+ //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
+ // useUTC, false);
+
+ AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
+ oaParam,
+ target);
+
String samlArtifactBase64 = SAML1AuthenticationServer
- .BuildSAMLArtifact(session);
+ .BuildSAMLArtifact(session, oaParam, authData);
String redirectURL = oaURL;
session.getOAURLRequested();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 7f7d82a20..3a2f4ee9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.protocols.saml1;
+import iaik.util.logging.Log;
+
import java.io.IOException;
import javax.servlet.ServletException;
@@ -37,90 +39,95 @@ public class GetArtifactServlet extends AuthServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- HttpSession httpSession = req.getSession();
-
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
-
- String oaURL = (String) req.getAttribute(PARAM_OA);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- String target = (String) req.getAttribute(PARAM_TARGET);
- target = StringEscapeUtils.escapeHtml(target);
- try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
-
- if (oaURL == null) {
- oaURL = session.getOAURLRequested();
- }
-
- if (oaURL == null) {
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
- }
-
- String samlArtifactBase64 = SAML1AuthenticationServer
- .BuildSAMLArtifact(session);
-
- String redirectURL = oaURL;
- session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
- URLEncoder.encode(session.getTarget(), "UTF-8"));
-
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
- URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- // CONFIRMATION FOR SSO!
- /*
- * OAAuthParameter oaParam =
- * AuthConfigurationProvider.getInstance().
- * getOnlineApplicationParameter(oaURL);
- *
- * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
- * == null) { friendlyName = oaURL; }
- *
- *
- * LoginConfirmationBuilder builder = new
- * LoginConfirmationBuilder();
- * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
- * String form = builder.finish(oaURL, session.getIdentityLink()
- * .getName(), friendlyName);
- */
-
- /*
- resp.setContentType("text/html");
-
- OutputStream out = resp.getOutputStream();
- out.write(form.getBytes("UTF-8"));
- out.flush();
- out.close();*/
-
- } catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- } catch (ConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (BuildException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (AuthenticationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
+ Log.err("Sollte nicht mehr verwendet werden!!!!");
+ throw new ServletException("The Servlet Class + " + GetArtifactServlet.class
+ + " is out of date!!!");
+
+// HttpSession httpSession = req.getSession();
+//
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
+//
+// String oaURL = (String) req.getAttribute(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+//
+// String target = (String) req.getAttribute(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+//
+// if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+//
+// if (oaURL == null) {
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+// }
+//
+// String samlArtifactBase64 = SAML1AuthenticationServer
+// .BuildSAMLArtifact(session);
+//
+// String redirectURL = oaURL;
+// session.getOAURLRequested();
+// if (!session.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+//
+// }
+// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+// redirectURL = resp.encodeRedirectURL(redirectURL);
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// // CONFIRMATION FOR SSO!
+// /*
+// * OAAuthParameter oaParam =
+// * AuthConfigurationProvider.getInstance().
+// * getOnlineApplicationParameter(oaURL);
+// *
+// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+// * == null) { friendlyName = oaURL; }
+// *
+// *
+// * LoginConfirmationBuilder builder = new
+// * LoginConfirmationBuilder();
+// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+// * String form = builder.finish(oaURL, session.getIdentityLink()
+// * .getName(), friendlyName);
+// */
+//
+// /*
+// resp.setContentType("text/html");
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(form.getBytes("UTF-8"));
+// out.flush();
+// out.close();*/
+//
+// } catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// } catch (ConfigurationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (BuildException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (AuthenticationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 36fd75d8b..e79954daa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -96,27 +96,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return authData;
}
- public static String BuildSAMLArtifact(AuthenticationSession session) throws ConfigurationException, BuildException, AuthenticationException {
-
- // TODO: Support Mandate MODE!
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
-
- // builds authentication data and stores it together with a SAML
- // artifact
-
- //TODO: check, if this is correct!!!!
- //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
- // useUTC, false);
-
- AuthenticationData authData = buildAuthenticationData(session,
- session.getXMLVerifySignatureResponse(),
- useUTC,
- session.isForeigner());
+ public static String BuildSAMLArtifact(AuthenticationSession session,
+ OAAuthParameter oaParam,
+ AuthenticationData authData)
+ throws ConfigurationException, BuildException, AuthenticationException {
//TODO: check, if this is correct!!!!
// String samlAssertion = new AuthenticationDataAssertionBuilder().build(
@@ -127,6 +110,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// session.getAssertionBusinessService(),
// session.getExtendedSAMLAttributesOA(), useCondition,
// conditionLength);
+
+
+ boolean useCondition = oaParam.getUseCondition();
+ int conditionLength = oaParam.getConditionLength();
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index b5e957c5a..09314ba37 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -9,9 +9,12 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -67,6 +70,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
RequestImpl config = new RequestImpl();
String oaURL = (String) request.getParameter(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
String target = (String) request.getParameter(PARAM_TARGET);
target = StringEscapeUtils.escapeHtml(target);
@@ -76,15 +80,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
target = null;
}
-
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA,
"auth.12");
config.setOAURL(oaURL);
- config.setTarget(target);
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+ config.setTarget(oaParam.getTarget());
request.getSession().setAttribute(PARAM_OA, oaURL);
- request.getSession().setAttribute(PARAM_TARGET, target);
+ request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
return config;
}