authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 17:16:42 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 17:16:42 +0200
commit9ade292185a7cd7ebfd0aad27a48324433737bfe (patch)
tree963187af67fdaa7248f4e816d56e6ffa9c0b52d2
parent26822fcf41e37e0fedca87489b60304496c9d0f0 (diff)
downloadmoa-id-spss-9ade292185a7cd7ebfd0aad27a48324433737bfe.tar.gz
moa-id-spss-9ade292185a7cd7ebfd0aad27a48324433737bfe.tar.bz2
moa-id-spss-9ade292185a7cd7ebfd0aad27a48324433737bfe.zip
add inbound/outbound interfederation SSO checks
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java6
5 files changed, 81 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 39c8ecfdc..a59cc10e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -130,4 +130,19 @@ public interface IOAAuthParameters {
public String getIDPAttributQueryServiceURL();
+ /**
+ * @return
+ */
+ boolean isInboundSSOInterfederationAllowed();
+
+ /**
+ * @return
+ */
+ boolean isInterfederationSSOStorageAllowed();
+
+ /**
+ * @return
+ */
+ boolean isOutboundSSOInterfederationAllowed();
+
} \ No newline at end of file
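Review bot: The three new interface methods each carry an empty `@return` Javadoc tag, so the contract that every implementation and caller will rely on — what "inbound", "outbound" and "storage" mean for this IDP, and what the answer is when no interfederation IDP is configured — is left undocumented on the one type where it matters most. The OAAuthParameter implementation in this commit returns false whenever no interfederation IDP is set, and that deny-by-default is worth stating here so callers do not have to read an implementation to learn it. For example, on `isInboundSSOInterfederationAllowed()`: `@return true if this online application is configured as an interfederation IDP that permits inbound SSO; false otherwise, including when no interfederation IDP is configured`, with matching sentences for the outbound and storage variants.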
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index fe2117b9c..7fc5746ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -491,6 +491,30 @@ public String getIDPAttributQueryServiceURL() {
}
+@Override
+public boolean isInboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isInboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isOutboundSSOInterfederationAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isOutboundSSO();
+ else
+ return false;
+}
+
+@Override
+public boolean isInterfederationSSOStorageAllowed() {
+ if (inderfederatedIDP != null)
+ return inderfederatedIDP.isStoreSSOSession();
+ else
+ return false;
+}
+
public boolean isIDPPublicService() {
return !getBusinessService();
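Review bot: The three new methods repeat the same if/else null guard around `inderfederatedIDP`, which reads more clearly as a single boolean expression that also makes the deny-by-default explicit, e.g. `return inderfederatedIDP != null && inderfederatedIDP.isInboundSSO();`, and likewise `isOutboundSSO()` and `isStoreSSOSession()` for the other two. The field `inderfederatedIDP` is declared outside this hunk, so its nullability is inferred from the guards themselves. Since the methods override the interface, a short `{@inheritDoc}` or no Javadoc is fine here as long as the interface documents the contract.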
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f35027f21..02ac09d70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -354,6 +354,33 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {
this.applicationID = applicationID;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isInboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed()
+ */
+ @Override
+ public boolean isInterfederationSSOStorageAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed()
+ */
+ @Override
+ public boolean isOutboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
}
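Review bot: All three overrides in this hunk are Eclipse stubs that return false under a `// TODO Auto-generated method stub` comment, so a reader cannot tell whether DynamicOAAuthParameters is intentionally excluded from SSO interfederation or whether the implementation was simply never finished. Returning false is the safe (deny) default for an authorization flag, so the fix is documentation rather than code: if exclusion is intended, replace each TODO with a comment such as `// dynamic OA parameters never take part in SSO interfederation; always deny`, and if it is not, keep the TODO but state which configuration source the value should come from. The same applies to `isInterfederationSSOStorageAllowed()` and `isOutboundSSOInterfederationAllowed()` further down the hunk.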
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 8a7a876a7..ee7d452c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -212,9 +212,17 @@ public class AuthenticationManager extends AuthServlet {
boolean requiredLocalAuthentication = true;
Logger.debug("Build PVP 2.1 authentication request");
-
+
//get IDP metadata
try {
+ OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+ Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.info("Switch to local authentication on this IDP ... ");
+ perfomLocalAuthentication(request, response, target);
+
+ }
+
EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
getEntityDescriptor(target.getRequestedIDP());
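Review bot: After `perfomLocalAuthentication(request, response, target);` the new `if` block has no `return`, so when the requested IDP is rejected the code falls through and still fetches that IDP's metadata and continues building the PVP authentication request toward it, which defeats the check (and, if local authentication already wrote to the response, risks a second response on the same request). If the enclosing method returns void, `perfomLocalAuthentication(request, response, target); return;` closes the gap; otherwise the existing `requiredLocalAuthentication` flag visible at the top of the hunk may be the intended way to short-circuit the remainder. It is also worth confirming whether `getOnlineApplicationParameter(...)` can return null for an unknown requested IDP, since `idp.isInderfederationIDP()` would then throw a NullPointerException instead of falling back to local authentication. The enclosing method begins and ends outside this hunk.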
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index d04480ff5..a786420cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -414,6 +414,12 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
}
+
+ if (!oa.isOutboundSSOInterfederationAllowed()) {
+ Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
+ throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
+
+ }
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setRequest(moaRequest);