aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-03-07 13:58:05 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-03-07 13:58:05 +0100
commitef72bd803121c3383ca9c8f0dd1c308c04963330 (patch)
tree87ac848d485cbe9700401f08600c71ff840474e1 /id/ConfigWebTool/src/main/java/at/gv
parent8d0c3d8aa27084b4c1e195cf06601d0d920d176f (diff)
downloadmoa-id-spss-ef72bd803121c3383ca9c8f0dd1c308c04963330.tar.gz
moa-id-spss-ef72bd803121c3383ca9c8f0dd1c308c04963330.tar.bz2
moa-id-spss-ef72bd803121c3383ca9c8f0dd1c308c04963330.zip
check if InResponseTo match requestID
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java43
1 files changed, 21 insertions, 22 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index a51709e04..8004ab520 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -278,6 +278,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
Response samlResponse = (Response) messageContext.getInboundMessage();
+ //ckeck InResponseTo matchs requestID
+ if (MiscUtil.isEmpty(authID)) {
+ log.info("NO AuthRequestID");
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (!authID.equals(samlResponse.getInResponseTo())) {
+ log.warn("PVPRequestID does not match PVP2 Assertion ID!");
+ return Constants.STRUTS_ERROR;
+
+ }
+
Signature sign = samlResponse.getSignature();
if (sign == null) {
log.info("Only http POST Requests can be used");
@@ -352,29 +364,9 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
saml2assertions = samlResponse.getAssertions();
}
-
-
- if (MiscUtil.isEmpty(authID)) {
- log.info("NO AuthRequestID");
- return Constants.STRUTS_ERROR;
- }
-
+
for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
-
- Subject subject = saml2assertion.getSubject();
- List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations();
- for (SubjectConfirmation el : subjectconformlist) {
- if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) {
- SubjectConfirmationData date = el.getSubjectConfirmationData();
-
- if (!authID.equals(date.getInResponseTo())) {
- log.warn("PVPRequestID does not match PVP2 Assertion ID!");
- return Constants.STRUTS_ERROR;
-
- }
- }
- }
-
+
Conditions conditions = saml2assertion.getConditions();
DateTime notbefore = conditions.getNotBefore();
DateTime notafter = conditions.getNotOnOrAfter();
@@ -383,6 +375,13 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
return Constants.STRUTS_ERROR;
}
+
+ Subject subject = saml2assertion.getSubject();
+ if (subject == null) {
+ log.warn("Assertion has no Subject element");
+ return Constants.STRUTS_ERROR;
+
+ }
NameID nameID = subject.getNameID();
if (nameID == null) {