authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-28 10:54:34 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-28 10:54:34 +0100
commit91b54c413aca1f214de482e7ea899bdec114880d (patch)
tree3b9118a4858a574829449ce4ac3bab71ea72a38e
parentbbc999c5d7912d0658216e7a8f59619135731ebf (diff)
deactivated PVP EntityCategory mapper as default
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties7
-rw-r--r--id/server/doc/handbook/config/config.html5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java60
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java1
6 files changed, 52 insertions, 29 deletions
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 15084b387..4228b0d3a 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -43,12 +43,6 @@ service.foreignidentities.acceptedServerCertificates=
service.foreignidentities.clientKeyStore=keys/....
service.foreignidentities.clientKeyStorePassword=
-##STORK 2
-stork.fakeIdL.active=false
-stork.fakeIdL.countries=
-stork.fakeIdL.keygroup=
-stork.documentservice.url=
-
##Protocol configuration##
#PVP2
protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
@@ -59,6 +53,7 @@ protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
protocols.pvp2.idp.ks.assertion.sign.keypassword=password
protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+protocols.pvp2.metadata.entitycategories.active=false
#OpenID connect (OAuth)
protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
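Review bot: The new `protocols.pvp2.metadata.entitycategories.active=false` line at the end of the PVP2 block has no comment, while the surrounding file marks its sections with `##Protocol configuration##`, `#PVP2` and `#OpenID connect (OAuth)`, so an operator reading the deployed file cannot tell what switching it on changes. I would add a one-line comment above it, `#map PVP EntityCategories from SP metadata to single PVP attributes (true/false, default false)`, mirroring the handbook entry this commit adds in config.html. The remaining PVP2 keys lie outside the hunk.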
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index e6b86204a..1972d2150 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -576,6 +576,11 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<td>password</td>
<td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschl&uuml;sselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td>
</tr>
+ <tr>
+ <td>protocols.pvp2.metadata.entitycategories.active</td>
+ <td>true / <strong>false</strong></td>
+ <td>Funktion zum Mappen einer in den Metadaten enthaltenen PVP EntityCategory auf ein Set von PVP Attributen, welche von MOA-ID returniert werden sollen.</td>
+ </tr>
</table>
<p>&nbsp;</p>
<h6><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h6>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 332604257..d3e340a90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1311,7 +1311,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
String value = properties.getProperty(key);
if (MiscUtil.isNotEmpty(value))
- return Boolean.valueOf(value);
+ return Boolean.valueOf(value.trim());
return defaultValue;
}
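Review bot: `Boolean.valueOf(value.trim())` still maps every value other than a case-insensitive "true" to false with no diagnostic, so a typo in a key read through this path (presumably `getBasicMOAIDConfigurationBoolean`, which MOAMetadataProvider calls in this commit, and which the hostname-validation keys listed in AuthConfiguration would also go through) silently turns a check off instead of failing loudly; the trim only fixes surrounding whitespace. I would warn on a trimmed value that is neither "true" nor "false" before converting, so that the misconfiguration shows up in the log. The method's signature lies above the hunk, and I am assuming the class uses the same `Logger` as the other files in this commit.
```java
String value = properties.getProperty(key);
if (MiscUtil.isNotEmpty(value)) {
    String normalized = value.trim();
    if (!"true".equalsIgnoreCase(normalized) && !"false".equalsIgnoreCase(normalized))
        Logger.warn("Property '" + key + "' has non-boolean value '" + normalized + "'; it is treated as false");
    return Boolean.valueOf(normalized);
}
return defaultValue;
```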
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 585aac805..7f6f9b88c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -51,6 +51,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -491,7 +492,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
- filterChain.getFilters().add(new PVPEntityCategoryFilter());
+ filterChain.getFilters().add(
+ new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER,
+ false)));
if (oaParam.isInderfederationIDP()) {
Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
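Review bot: The four-line nested call in `filterChain.getFilters().add(new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(...)))` buries the configuration lookup inside the constructor argument; a named local reads more clearly and gives the literal `false` default a name, e.g. `boolean mapEntityCategories = authConfig.getBasicMOAIDConfigurationBoolean(` / `AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, false);` / `filterChain.getFilters().add(new PVPEntityCategoryFilter(mapEntityCategories));`. The flag is read on every call of `buildMetadataFilterChain`, which is fine if the provider caches the property but I cannot tell from here. `authConfig` is not declared within the hunk and the method continues past its last line.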
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
index 95d30db49..ed96f1962 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -54,6 +54,17 @@ import at.gv.egovernment.moaspss.logging.Logger;
public class PVPEntityCategoryFilter implements MetadataFilter {
+ private boolean isUsed = false;
+
+ /**
+ * Filter to map PVP EntityCategories into a set of single PVP attributes
+ *
+ * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+ *
+ */
+ public PVPEntityCategoryFilter(boolean isUsed) {
+ this.isUsed = isUsed;
+ }
/* (non-Javadoc)
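Review bot: `isUsed` is assigned only in the new constructor, so it should be declared `private final boolean isUsed;` without the `= false` initializer, which is dead once every instance goes through the constructor and which would hide a future missed assignment the compiler could otherwise catch. The constructor Javadoc opens with a class description ("Filter to map PVP EntityCategories ..."); I would move that sentence to the class Javadoc and give the constructor its own summary, `Creates the filter; mapping is performed only when {@code isUsed} is true.`, keeping the `@param`. Adding this constructor also removes the implicit no-arg constructor, so any `new PVPEntityCategoryFilter()` caller outside the files in this commit would stop compiling.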
@@ -61,31 +72,38 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
*/
@Override
public void doFilter(XMLObject metadata) throws FilterException {
- String entityId = null;
- try {
- if (metadata instanceof EntitiesDescriptor) {
- Logger.trace("Find EnitiesDescriptor ... ");
- EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
- if (entitiesDesc.getEntityDescriptors() != null) {
- for (EntityDescriptor el : entitiesDesc.getEntityDescriptors())
- resolveEntityCategoriesToAttributes(el);
+
+ if (isUsed) {
+ Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
+ String entityId = null;
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ Logger.trace("Find EnitiesDescriptor ... ");
+ EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+ if (entitiesDesc.getEntityDescriptors() != null) {
+ for (EntityDescriptor el : entitiesDesc.getEntityDescriptors())
+ resolveEntityCategoriesToAttributes(el);
+
+ }
+
+ } else if (metadata instanceof EntityDescriptor) {
+ Logger.trace("Find EntityDescriptor");
+ resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
- }
-
- } else if (metadata instanceof EntityDescriptor) {
- Logger.trace("Find EntityDescriptor");
- resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
+
+ } else
+ throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
- } else
- throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-
-
-
- } catch (Exception e) {
- Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+
+ } catch (Exception e) {
+ Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+
+ }
- }
+ } else
+ Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
+
}
private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
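Review bot: `entityId` is declared as `null` inside the new `if (isUsed)` block and never assigned, so the warning in the catch block always ends with "metadata: null" and does not say which entity failed; the commit carries this over from the old code rather than fixing it. In the `EntityDescriptor` branch it can be set before resolving with `entityId = ((EntityDescriptor) metadata).getEntityID();`, and the loop over `entitiesDesc.getEntityDescriptors()` can assign `entityId = el.getEntityID();` per iteration so a failure in a multi-entity file is attributable. The `catch (Exception e)` also swallows the `MOAIDException` thrown for an invalid root element and downgrades it to a warning, which may be deliberate best-effort behaviour but deserves a comment saying so. `resolveEntityCategoriesToAttributes` begins on the last hunk line and continues outside it.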
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 07b07d980..4dda4c736 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -13,6 +13,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname";
public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname";
+ public static final String PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER = "protocols.pvp2.metadata.entitycategories.active";
public static final String DEFAULT_X509_CHAININGMODE = "pkix";