author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-26 14:03:58 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-26 14:03:58 +0200 |
commit | 52a855d948a6c3090b5d696774896deac95b621f (patch) | |
tree | 34975c9f9c151a82efd8b5e23330eb9bbcf4c284 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls | |
parent | bb21974ea69b1705ef574569980a82640ca1de69 (diff) | |
Allow multiple alias domains
- Every alias domain is its own EntityID, which is the configured PublicURLPrefix
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
3 files changed, 105 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index f54cffc54..18fb08f1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -194,7 +194,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 } catch (MOADatabaseException e) {
 Logger.warn("Delete MOASession FAILED.");
- sloContainer.putFailedOA(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+ sloContainer.putFailedOA(pvpReq.getAuthURL());
 }
@@ -257,8 +257,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 AssertionStorage.getInstance().put(relayState, sloContainer);
- String timeOutURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
- + "/idpSingleLogout"
+ String timeOutURL = pvpReq
+ + "idpSingleLogout"
 + "?restart=" + relayState;
 VelocityContext context = new VelocityContext();
@@ -380,7 +380,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), target.requestedAction(), target.getRequestID(), oaParam,
- AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+ target.getAuthURL());
 MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
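Review bot: In the -257 hunk the new line `String timeOutURL = pvpReq` concatenates the request object itself, so the restart URL becomes `pvpReq.toString()` followed by `idpSingleLogout`, and the "/" separator that the removed line carried is gone as well, while every other hunk of this commit calls `getAuthURL()` on the request. Unless `IRequest.toString()` is defined to return the auth URL, which nothing here shows, the two added lines should read `String timeOutURL = pvpReq.getAuthURLWithOutSlash()` and `+ "/idpSingleLogout"`, which also makes the result independent of whether the configured prefix ends with a slash. The enclosing method starts and ends outside the hunk.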
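Review bot: In the -380 hunk `target.getAuthURL()` is handed to SendAssertionFormBuilder.buildForm unchanged, whereas the -672 hunk in the same file strips a trailing "/" from the same value before LoginFormBuilder.buildLoginForm; RequestImpl stores the configured prefix verbatim from `toExternalForm()`, so the slash can be present and the two forms would receive differently shaped prefixes. Unless buildForm normalizes the prefix itself, both call sites should use the accessor this commit adds for exactly that purpose: `target.getAuthURLWithOutSlash()` here, and in -672 the three added lines collapse to `String publicURLPreFix = target.getAuthURLWithOutSlash();`. Both enclosing methods start and end outside their hunks.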
@@ -449,7 +449,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 authReq.setAssertionConsumerServiceIndex(0);
 authReq.setIssueInstant(new DateTime());
 Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
+ String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0);
 issuer.setValue(serviceURL);
 issuer.setFormat(NameIDType.ENTITY);
@@ -672,7 +672,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 //Build authentication form
- String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String publicURLPreFix = target.getAuthURL();
+ if (publicURLPreFix.endsWith("/"))
+ publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
 String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 6f43b3ee7..4ae271bbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -49,5 +49,13 @@ public interface IRequest {
 public List<Attribute> getRequestedAttributes();
 public IOAAuthParameters getOnlineApplicationConfiguration();
+ /**
+ * get the IDP URL PreFix, which was used for authentication request
+ *
+ * @return IDP URL PreFix <String>. The URL prefix always ends without /
+ */
+ public String getAuthURL();
+ public String getAuthURLWithOutSlash();
+ //public void setTarget();
 }
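Review bot: In the -449 hunk the SAML Issuer is set from `getIDPPublicPath().get(0)`, i.e. always the first configured alias, which is at odds with the commit's stated goal that every alias domain is its own EntityID and with the other hunks, which derive the prefix from the request. If an IRequest is reachable in this method (none is visible in the hunk), the issuer should come from its `getAuthURL()` so that the Issuer matches the endpoint the relying party actually contacted; if the first entry is intentional, say so next to the call, e.g. `// Issuer is always the primary PublicURLPrefix; alias domains are not used here`. Note also that `get(0)` throws IndexOutOfBoundsException on an empty list, which the previous single-value call did not. The enclosing method starts and ends outside the hunk.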
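Review bot: The new Javadoc on `getAuthURL()` in IRequest states that the prefix "always ends without /", but the same hunk adds `getAuthURLWithOutSlash()` and RequestImpl returns the configured prefix unchanged from `toExternalForm()`, so the documented contract contradicts the implementation. Replace the `@return` line with `@return the configured IDP URL prefix selected for this request, exactly as configured (may end with "/")`, and give `getAuthURLWithOutSlash()` its own Javadoc stating that it returns the same value with one trailing "/" removed.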
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 26fb7bd29..c9482967f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -23,15 +23,25 @@ package at.gv.egovernment.moa.id.moduls;
 import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 public abstract class RequestImpl implements IRequest, Serializable{
-
+
 private static final long serialVersionUID = 1L;
 private String oaURL;
@@ -44,12 +54,67 @@ public abstract class RequestImpl implements IRequest, Serializable{
 private String requestID;
 private String sessionIdentifier;
 private IOAAuthParameters OAConfiguration = null;
+ private String authURL = null;
 //MOA-ID interfederation
 private String requestedIDP = null;
 private MOAResponse response = null;
 /**
+ * @throws ConfigurationException
+ *
+ */
+ public RequestImpl(HttpServletRequest req) throws ConfigurationException {
+ String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
+ URL authURL;
+ try {
+ authURL = new URL(authURLString);
+
+ } catch (MalformedURLException e) {
+ Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
+ throw new ConfigurationException("1299", null, e);
+
+ }
+
+ List<String> configuredPublicURLPrefix =
+ AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+
+ if (MiscUtil.isEmpty(authURLString)) {
+ Logger.info("AuthenticationServiceURL extraction FAILED. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+ this.authURL = configuredPublicURLPrefix.get(0);
+
+ } else {
+ Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
+ URL resultURL = null;
+
+ for (String el : configuredPublicURLPrefix) {
+ try {
+ URL configuredURL = new URL(el);
+ if (configuredURL.getHost().equals(authURL.getHost()) &&
+ configuredURL.getPath().equals(authURL.getPath())) {
+ Logger.debug("Select configurated PublicURLPrefix: " + configuredURL
+ + " for authURL: " + authURLString);
+ resultURL = configuredURL;
+ }
+
+ } catch (MalformedURLException e) {
+ Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+
+ }
+ }
+
+ if (resultURL == null) {
+ Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
+ throw new ConfigurationException("config.25", new Object[]{authURLString});
+
+ } else {
+ this.authURL = resultURL.toExternalForm();
+
+ }
+ }
+ }
+
+ /**
 * This method map the protocol specific requested attributes to PVP 2.1 attributes.
 *
 * @return List of PVP 2.1 attributes with maps all protocol specific attributes
@@ -169,4 +234,27 @@ public abstract class RequestImpl implements IRequest, Serializable{
 this.OAConfiguration = oaConfig;
 }
+
+ /**
+ * @return the authURL
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ public String getAuthURLWithOutSlash() {
+ if (authURL.endsWith("/"))
+ return authURL.substring(0, authURL.length()-1);
+ else
+ return authURL;
+
+ }
+
+// /**
+// * @param authURL the authURL to set
+// */
+// public void setAuthURL(String authURL) {
+// this.authURL = authURL;
+// }
+
 } |
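Review bot: In the new RequestImpl constructor `new URL(authURLString)` runs before the `MiscUtil.isEmpty(authURLString)` check, and `new URL(null)` or `new URL("")` throws MalformedURLException, so an empty extraction result becomes ConfigurationException "1299" and the fallback to `configuredPublicURLPrefix.get(0)` can never execute; the parse belongs inside the `else` branch. The match against the configured list is also what keeps this request-derived value under the operator's control, yet it compares only host and path: scheme and port are ignored, so a request arriving on another scheme or port is mapped onto the configured prefix anyway, and the case-sensitive `equals` on host rejects legitimate case variants of the same name. Compare `getProtocol()`, `getHost()` (case-insensitively), `getPort()` and `getPath()` together, normalising an omitted port with `getDefaultPort()` if the configuration and incoming requests differ in spelling it out, and `break` on the first match instead of letting the last configured entry win. The unused `ConfigurationProvider` import in the -23 hunk can be dropped.
```java
public RequestImpl(HttpServletRequest req) throws ConfigurationException {
    String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
    List<String> configuredPublicURLPrefix =
            AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();

    if (MiscUtil.isEmpty(authURLString)) {
        // … unchanged: fall back to configuredPublicURLPrefix.get(0) …
    } else {
        URL authURL;
        try {
            authURL = new URL(authURLString);
        } catch (MalformedURLException e) {
            Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
            throw new ConfigurationException("1299", null, e);
        }

        URL resultURL = null;
        for (String el : configuredPublicURLPrefix) {
            try {
                URL configuredURL = new URL(el);
                // scheme, host, port and path must all agree; a partial match would
                // let a request on another scheme or port select this prefix
                if (configuredURL.getProtocol().equalsIgnoreCase(authURL.getProtocol())
                        && configuredURL.getHost().equalsIgnoreCase(authURL.getHost())
                        && configuredURL.getPort() == authURL.getPort()
                        && configuredURL.getPath().equals(authURL.getPath())) {
                    resultURL = configuredURL;
                    break;
                }
            } catch (MalformedURLException e) {
                // … unchanged: log the invalid configured prefix …
            }
        }
        // … unchanged: resultURL == null -> ConfigurationException("config.25", …),
        //     otherwise this.authURL = resultURL.toExternalForm() …
    }
}
```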