diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-15 10:20:59 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-15 10:20:59 +0200 |
commit | d0f2b9de4406d73ea4e3beecc3ddc551fd1f73fb (patch) | |
tree | 72178e49918f2f1c40106e5976e60149a2cf0c12 | |
parent | aae0d003526cb8665df93bb715ba126dd12a473d (diff) | |
download | moa-id-spss-d0f2b9de4406d73ea4e3beecc3ddc551fd1f73fb.tar.gz moa-id-spss-d0f2b9de4406d73ea4e3beecc3ddc551fd1f73fb.tar.bz2 moa-id-spss-d0f2b9de4406d73ea4e3beecc3ddc551fd1f73fb.zip |
check if SAML2 metadata is loadable and valid
2 files changed, 17 insertions, 3 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index c9488706a..345d25cda 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -35,9 +35,14 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; +import org.opensaml.Configuration; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallerFactory; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; @@ -126,10 +131,18 @@ public class OAPVP2ConfigValidation { httpProvider = new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); httpProvider.setParserPool(new BasicParserPool()); - httpProvider.setRequireValidMetadata(true); - MetadataFilter filter = new MetaDataVerificationFilter(credential); - httpProvider.setMetadataFilter(filter); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential)); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } + + } } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index acadde847..1f0819edf 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -459,6 +459,7 @@ validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig. +validation.pvp2.metadata.validation=Die Metadaten konnten von der angegebenen URL geladen werden, jedoch schlug die Validierung der Metadaten fehl. validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich. validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf. |