authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-28 08:43:32 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-28 08:43:32 +0200
commit352a061434c121bb438b01829131aaa85378fc26 (patch)
tree579568bd885a4fc413bd91f71fce483b8e231e2b /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
parent16a5e33bc2a4832d2d44c18ad1977524ba809463 (diff)
use AssertionConsumerServiceURL from request if it exists
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java77
1 files changed, 46 insertions, 31 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 863bfe501..d9ce6250a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -82,6 +82,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -543,52 +544,51 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
AuthnRequest authnRequest = (AuthnRequest)samlReq;
- Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
- int assertionidx = 0;
+ //parse AssertionConsumerService
+ AssertionConsumerService consumerService = null;
+ if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
+ MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
+ //use AssertionConsumerServiceURL from request
+ consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ consumerService.setBinding(authnRequest.getProtocolBinding());
+ consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());
+
+ } else {
+ //use AssertionConsumerServiceIndex and select consumerService from metadata
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
- if(aIdx != null) {
- assertionidx = aIdx.intValue();
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+
+ } else {
+ assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+
+ }
+ consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
- } else {
- assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(aIdx);
+
+ }
}
- aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ //select AttributeConsumingService from request
+ AttributeConsumingService attributeConsumer = null;
+ Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
int attributeIdx = 0;
-
+
if(aIdx != null) {
attributeIdx = aIdx.intValue();
}
- AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-
- AttributeConsumingService attributeConsumer = null;
-
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
}
- PVPTargetConfiguration config = new PVPTargetConfiguration();
-
- String oaURL = moaRequest.getEntityMetadata().getEntityID();
- String binding = consumerService.getBinding();
-
- Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding);
-
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- config.setOAURL(oaURL);
- config.setBinding(binding);
- config.setRequest(moaRequest);
- config.setConsumerURL(consumerService.getLocation());
-
- //parse AuthRequest
- AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
- config.setPassiv(authReq.isPassive());
- config.setForce(authReq.isForceAuthn());
-
//validate AuthnRequest
+ AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
AuthnRequestValidator.validate(authReq);
String useMandate = request.getParameter(PARAM_USEMANDATE);
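Review bot: The new branch at the top of this hunk copies `AssertionConsumerServiceURL` and `ProtocolBinding` from the AuthnRequest straight into `consumerService` without comparing them to the endpoints registered in `spSSODescriptor`, and that object later feeds `config.setConsumerURL(consumerService.getLocation())` in the last hunk. Unless the request signature is verified and required before this point (not visible here), the destination of the response would be chosen by whoever sent the request. The requested URL and binding should be accepted only when they match an entry of `spSSODescriptor.getAssertionConsumerServices()`, and the request rejected otherwise; the exception in the sketch below reuses the only constructor visible in the hunk and would probably need one that carries the URL. Separately, in the index branch `get(assertionidx)` would normally throw on an out-of-range index rather than return null, so the `consumerService == null` check probably never fires. The enclosing method starts and ends outside this hunk.

```java
if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
        MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
    // accept the requested endpoint only if the SP's metadata registers it
    for (AssertionConsumerService registered : spSSODescriptor.getAssertionConsumerServices()) {
        if (authnRequest.getAssertionConsumerServiceURL().equals(registered.getLocation())
                && authnRequest.getProtocolBinding().equals(registered.getBinding())) {
            consumerService = registered;
            break;
        }
    }
    if (consumerService == null) {
        // no registered endpoint matches: reject instead of using the requested URL
        throw new InvalidAssertionConsumerServiceException(
                authnRequest.getAssertionConsumerServiceIndex());
    }

} else {
    // … unchanged: selection by AssertionConsumerServiceIndex from metadata …
```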
@@ -599,7 +599,22 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
}
}
}
+
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+ config.setOAURL(oaURL);
+ config.setBinding(consumerService.getBinding());
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+ //parse AuthRequest
+ config.setPassiv(authReq.isPassive());
+ config.setForce(authReq.isForceAuthn());
+
return config;
}