add inbound/outbound interfederation SSO checks

1 files changed, 9 insertions, 1 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 8a7a876a7..ee7d452c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -212,9 +212,17 @@ public class AuthenticationManager extends AuthServlet {
 		boolean requiredLocalAuthentication = true;
 		
 		Logger.debug("Build PVP 2.1 authentication request");
-		
+ 		
 		//get IDP metadata
 		try {
+			OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+			if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+				Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+				Logger.info("Switch to local authentication on this IDP ... ");
+				perfomLocalAuthentication(request, response, target);
+				
+			}
+			
 			EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
 					getEntityDescriptor(target.getRequestedIDP());