authorThomas Lenz <tlenz@iaik.tugraz.at>2017-02-23 08:13:11 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-02-23 08:13:11 +0100
commit44184c19d53146dcd84e2ddd704ff78aa539d511 (patch)
tree8f4d46e419674925d973c6ea851637004ca1e0ad
parentf6acad73155af58b75709077d8dee67dab0be47e (diff)
update eIDAS SP metadata, because SP needs persistent identifiers only
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java17
1 files changed, 12 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index 9d397074b..7b159c73d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -208,7 +208,12 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
if (!StringUtils.isEmpty(params.getAssertionConsumerUrl())) {
addAssertionConsumerService();
}
- fillNameIDFormat(spSSODescriptor);
+
+ //FIX: Austrian eIDAS node SP only needs persistent identifiers
+ NameIDFormat persistentFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
+ spSSODescriptor.getNameIDFormats().add(persistentFormat);
/**FIXME:
* Double signing of SPSSODescribtor is not required
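Review bot: The four added lines that build the persistent `NameIDFormat` repeat the opening of `fillIDPNameIDFormat` (visible in the next hunk), so the same build-and-cast sequence now lives in two places and the SP and IdP descriptors can drift apart. A small private helper that takes the `SamlNameIdFormat` value and returns the built element would serve both call sites; the sketch below assumes `buildXmlObject` is what declares `EIDASSAMLEngineException`. Metadata only advertises the format, so it is worth confirming that the SP's response validation (outside this diff) also rejects assertions whose NameID format is not persistent. Otherwise a transient or unspecified identifier could still be accepted and bound to a user record. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: addAssertionConsumerService() guard …
// SP role: advertise persistent NameID only (Austrian eIDAS node requirement)
spSSODescriptor.getNameIDFormats().add(buildNameIDFormat(SamlNameIdFormat.PERSISTENT));

private static NameIDFormat buildNameIDFormat(SamlNameIdFormat format) throws EIDASSAMLEngineException {
    NameIDFormat nameIdFormat =
        (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
    nameIdFormat.setFormat(format.getNameIdFormat());
    return nameIdFormat;
}
```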
@@ -221,8 +226,8 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
entityDescriptor.getRoleDescriptors().add(spSSODescriptor);
}
-
- private void fillNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
+
+ private void fillIDPNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
NameIDFormat persistentFormat =
(NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
@@ -269,7 +274,9 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
.add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
}
idpSSODescriptor.addSupportedProtocol(params.getIdpSamlProtocol());
- fillNameIDFormat(idpSSODescriptor);
+
+ //Austrian eIDAS node IDP can provided persistent, transient, and unspecified identifiers
+ fillIDPNameIDFormat(idpSSODescriptor);
if (params.getIdpEngine() != null) {
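Review bot: The added comment above `fillIDPNameIDFormat(idpSSODescriptor)` has a grammar slip ("can provided") and names three formats, of which only the persistent entry is visible in this diff. I would word it as `// IdP role: advertises persistent, transient and unspecified NameID formats`. If unspecified really is offered, a short why-comment next to it would help, since an unspecified NameID gives relying parties no stability or privacy property to depend on. The enclosing method starts and ends outside the hunk.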
@@ -298,7 +305,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
}
- /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ /* FIX: Work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
* If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
*/
public ImmutableSortedSet<AttributeDefinition<?>> getAllSupportedAttributes() {