authorThomas Lenz <tlenz@iaik.tugraz.at>2019-05-24 08:14:55 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-05-24 08:14:55 +0200
commit996774dbf06b037d9f843e57a2cfac9bcc111a51 (patch)
treea4fb9674ac70459feb69b10c3986e14fc63bb700 /id/oa/src/main/java/at/gv/egovernment
parentcd0a225cac0ba73ec6efa5f33324a94dd9353548 (diff)
update Demo-OA to illustrate SAML2 SubjectNameId
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java16
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java44
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java23
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java9
4 files changed, 69 insertions, 23 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index 09069ac7f..8ada01cb6 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -182,6 +182,21 @@ public class Configuration {
return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.resp.redirect", "false"));
}
+
+ public boolean setAuthnContextClassRef() {
+ return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.authncontextclassref", "true"));
+ }
+
+ public String getScopeRequesterId() {
+ return props.getProperty("general.login.pvp2.sp.requesterId");
+ }
+
+ public boolean setNameIdPolicy() {
+ return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true"));
+ }
+
+
+
public void initializePVP2Login() throws ConfigurationException {
if (!pvp2logininitialzied)
initalPVP2Login();
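Review bot: The three new accessors carry no Javadoc naming the property key, its default and what switching it off means for the AuthnRequest, and the two boolean ones are named `set…` although they only read configuration, which reads as a mutator at the call site. I would rename them `isNameIdPolicyEnabled()` / `isAuthnContextClassRefEnabled()` and put a one-line Javadoc on each, e.g. `/** {@code general.login.pvp2.req.set.authncontextclassref}, default {@code true}: when false no RequestedAuthnContext (STORK QAA 4, minimum) is sent, so the requested assurance level is not enforced on the IdP side. */`. `getScopeRequesterId()` returns {@code null} when the property is absent; documenting that keeps the caller's `StringUtils.isNotEmpty` check from looking accidental. The enclosing `Configuration` class continues outside this hunk.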
@@ -276,6 +291,5 @@ public class Configuration {
throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
}
}
-
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4c909ff80..0671b8c14 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang3.RandomUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
@@ -52,6 +53,8 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -136,11 +139,12 @@ public class Authenticate extends HttpServlet {
issuer.setFormat(NameIDType.ENTITY);
authReq.setIssuer(issuer);
- NameIDPolicy policy = SAML2Utils
- .createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(true);
- policy.setFormat(NameID.PERSISTENT);
- authReq.setNameIDPolicy(policy);
+ if (config.setNameIdPolicy()) {
+ NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+ }
String entityname = config.getPVP2IDPMetadataEntityName();
if (MiscUtil.isEmpty(entityname)) {
@@ -183,20 +187,26 @@ public class Authenticate extends HttpServlet {
//authReq.setDestination("http://test.test.test");
+ if (config.setAuthnContextClassRef()) {
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ authReq.setRequestedAuthnContext(reqAuthContext);
+ }
- RequestedAuthnContext reqAuthContext =
- SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-
- AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+ Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+ RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+ requesterId.setRequesterID(config.getScopeRequesterId());
+ scope.getRequesterIDs().add(requesterId );
+ authReq.setScoping(scope );
+
+ }
- authReq.setRequestedAuthnContext(reqAuthContext);
//sign authentication request
KeyStore keyStore = config.getPVP2KeyStore();
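Review bot: With `config.setAuthnContextClassRef()` false the request no longer asks for a minimum of `citizenQAALevel/4`, so the IdP is free to authenticate at any level, and nothing in this diff shows the response side comparing the returned `AuthnContextClassRef` against an expected level; the flag therefore silently downgrades the assurance the demo illustrates unless the response handler checks it. I would at least document that at the new branch: `// NOTE: when disabled, the assurance level must be verified from the AuthnStatement of the response instead`. The `RequesterID` value is copied straight from configuration into `Scoping`; SAML requires it to be a URI, so a trivial sanity check or a comment that the property must hold the requester's entityID is worth adding. Minor: `requesterId )` and `scope )` carry stray spaces before the closing parenthesis. The surrounding method starts and ends outside this hunk.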
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index aeb4d8eac..e36a880ba 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -198,11 +198,7 @@ public class DemoApplication extends HttpServlet {
}
- //set assertion
- org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
- String assertion = DOMUtils.serializeNode(doc);
- bean.setAssertion(assertion);
-
+
if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
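Review bot: Removing the serialization here means a response with a non-success status is, as far as this hunk shows, no longer stored via `bean.setAssertion(...)`, because the re-added serialization further down appears to sit inside the success branch; if the error view relied on showing the raw response, that output is lost. If that is intentional, a short comment here such as `// response is serialized after the encrypted assertions have been replaced by their decrypted form (success path only)` would make it clear the move is deliberate rather than a drop. The enclosing method continues outside this hunk.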
@@ -245,12 +241,28 @@ public class DemoApplication extends HttpServlet {
}
+ samlResponse.getAssertions().clear();
+ samlResponse.getAssertions().addAll(saml2assertions);
+
+ //set assertion
+ org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+ String assertion = DOMUtils.serializeNode(doc);
+ bean.setAssertion(assertion);
+
+ String principleId = null;
String givenName = null;
String familyName = null;
String birthday = null;
for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+ try {
+ principleId = saml2assertion.getSubject().getNameID().getValue();
+
+ } catch (Exception e) {
+ log.warn("Can not read SubjectNameId", e);
+ }
+
//loop through the nodes to get what we want
List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
for (int i = 0; i < attributeStatements.size(); i++)
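Review bot: `catch (Exception e)` around `getSubject().getNameID().getValue()` is a null check written as exception handling; it also hides any unrelated runtime error from the OpenSAML objects under a "Can not read SubjectNameId" warning. Explicit null checks say what is being guarded and keep unexpected failures visible. Two further points: the loop assigns `principleId` once per assertion, so with several assertions only the last Subject wins, and only the NameID value is captured — since the NameIDPolicy is now optional on the request side, the IdP may return a transient or other format, so capturing `getFormat()` next to the value (or logging it) is needed to make the "illustrate SubjectNameId" goal meaningful. Also note that `samlResponse.getAssertions()` is replaced with the decrypted assertions before serialization, so `bean.setAssertion(...)` now carries plaintext assertion content into the bean; fine for a demo, but worth a comment so it is not copied into a real OA. The enclosing method starts and ends outside this hunk.
```java
for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
    // read the Subject NameID without relying on an exception for a missing element
    if (saml2assertion.getSubject() == null || saml2assertion.getSubject().getNameID() == null) {
        log.warn("Assertion contains no SubjectNameId");
    } else {
        principleId = saml2assertion.getSubject().getNameID().getValue();
        log.debug("SubjectNameId format: {}", saml2assertion.getSubject().getNameID().getFormat());
    }
    // … unchanged: attribute statement processing …
```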
@@ -277,6 +289,7 @@ public class DemoApplication extends HttpServlet {
}
+ bean.setPrincipleId(principleId);
bean.setDateOfBirth(birthday);
bean.setFamilyName(familyName);
bean.setGivenName(givenName);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
index 05c253b6e..59090cbcc 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
@@ -32,6 +32,7 @@ public class ApplicationBean implements Serializable {
private String givenName;
private String dateOfBirth;
private String assertion;
+ private String principleId;
private boolean isLogin = false;
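Review bot: The new field is spelled `principleId`; the identity term is "principal", so `principalId` (with matching `getPrincipalId`/`setPrincipalId` and the local in `DemoApplication`) would be the expected name. As far as this diff shows the field is new and has no external callers yet, so the rename is cheap now and harder once the JSP/template references it. A one-line comment on the field, `// Subject NameID value of the first/last processed assertion`, would also document what it actually holds.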
@@ -122,6 +123,14 @@ public class ApplicationBean implements Serializable {
public void setSuccessMessage(String successMessage) {
this.successMessage = successMessage;
}
+
+ public String getPrincipleId() {
+ return principleId;
+ }
+ public void setPrincipleId(String principleId) {
+ this.principleId = principleId;
+ }
+