Allow multiple alias domains

  - Every alias domain is a own EntityID which is the configured PublicURLPrefix

1 files changed, 24 insertions, 10 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a8349f0ef..544fd9925 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -85,6 +85,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
@@ -97,6 +98,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
 import at.gv.egovernment.moa.logging.Logger;
@@ -209,7 +211,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		
 		
 		if(METADATA.equals(action)) {
-			return new PVPTargetConfiguration();
+			return new PVPTargetConfiguration(request);
 			
 		}
 		
@@ -386,7 +388,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 
 		samlResponse.setIssueInstant(new DateTime());
 		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+		nissuer.setValue(pvpRequest.getAuthURLWithOutSlash());
 		nissuer.setFormat(NameID.ENTITY);
 		samlResponse.setIssuer(nissuer);
 		
@@ -459,7 +461,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			HttpServletResponse response, InboundMessage inMsg,
 			String sessionId, String transactionId) throws MOAIDException {
 
-		PVPTargetConfiguration config = new PVPTargetConfiguration();
+		PVPTargetConfiguration config = new PVPTargetConfiguration(request);
 		
 		MOARequest msg;
 		if (inMsg instanceof MOARequest && 
@@ -495,13 +497,24 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			
 			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
 			
-			if (!resp.getDestination().startsWith(
-					PVPConfiguration.getInstance().getIDPPublicPath())) {
+			List<String> allowedPublicURLPrefix = 
+					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+			boolean isAllowedDestination = false;
+			
+			for (String prefix : allowedPublicURLPrefix) {
+				if (!resp.getDestination().startsWith(
+					prefix)) {
+					isAllowedDestination = true;
+					break;
+				}
+			}
+						
+			if (!isAllowedDestination) {
 				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
 				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
 				
 			}
-						
+			
 			//TODO: check if relayState exists
 			inMsg.getRelayState();
 						
@@ -532,7 +545,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		
 		//validate destination
 		String destinaten = attrQuery.getDestination();
-		if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) {
+		if (!PVPConfiguration.getInstance().getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
 			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
 			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
 			
@@ -557,7 +570,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			
 		}
 			
-		PVPTargetConfiguration config = new PVPTargetConfiguration();
+		PVPTargetConfiguration config = new PVPTargetConfiguration(request);
 		config.setRequest(moaRequest);
 		config.setOAURL(moaRequest.getEntityID());
 		config.setOnlineApplicationConfiguration(oa);
@@ -585,7 +598,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		if(!(samlReq instanceof AuthnRequest)) {
 			throw new MOAIDException("Unsupported request", new Object[] {});
 		}
-					
+				
 		EntityDescriptor metadata = moaRequest.getEntityMetadata();
 		if(metadata == null) {
 			throw new NoMetadataInformationException();
@@ -606,6 +619,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 			
 		}
 			
+		
 		//parse AssertionConsumerService
 		AssertionConsumerService consumerService = null;
 		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && 
@@ -668,7 +682,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		
 		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
 
-		PVPTargetConfiguration config = new PVPTargetConfiguration();		
+		PVPTargetConfiguration config = new PVPTargetConfiguration(request);		
 		config.setOAURL(oaURL);
 		config.setOnlineApplicationConfiguration(oa);
 		config.setBinding(consumerService.getBinding());