diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-12-11 15:43:02 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-12-11 15:43:02 +0100 |
commit | c582412bc8d1ffcd9a2428b69fa7e4e8fb1f3c4f (patch) | |
tree | 36f68cf49fb8a5226cc0619fdb7bbf87a629e2eb /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | |
parent | 9b3f7876fe480698d2da970b0b1ca6de0874ec48 (diff) | |
download | moa-id-spss-c582412bc8d1ffcd9a2428b69fa7e4e8fb1f3c4f.tar.gz moa-id-spss-c582412bc8d1ffcd9a2428b69fa7e4e8fb1f3c4f.tar.bz2 moa-id-spss-c582412bc8d1ffcd9a2428b69fa7e4e8fb1f3c4f.zip |
@PVP2
--also allow a EntityDescriptor element as root element in metadata files
--some adjustments in the PVP Assertion to make it SAML2 standard compliant
@MOA-ID-Auth
--improve SZR-Gateway client error handling
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 5e8206739..f21567245 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -21,6 +21,7 @@ import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.core.SubjectConfirmation; import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.NameIDFormat; @@ -42,6 +43,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; @@ -293,7 +295,16 @@ public class PVP2AssertionBuilder implements PVPConstants { .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20)); - subjectConfirmationData.setRecipient(peerEntity.getEntityID()); + + //TL: change from entityID to destination URL + AssertionConsumerService consumerService = spSSODescriptor + .getAssertionConsumerServices().get(idx); + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(idx); + } + + subjectConfirmationData.setRecipient(consumerService.getLocation()); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); @@ -303,7 +314,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AudienceRestriction audienceRestriction = SAML2Utils .createSAMLObject(AudienceRestriction.class); Audience audience = SAML2Utils.createSAMLObject(Audience.class); - + audience.setAudienceURI(peerEntity.getEntityID()); audienceRestriction.getAudiences().add(audience); conditions.setNotBefore(new DateTime()); @@ -316,8 +327,12 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.setConditions(conditions); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + + //TODO: check! + //change to entity value from entity name to IDP EntityID (URL) + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); issuer.setFormat(NameID.ENTITY); + assertion.setIssuer(issuer); assertion.setSubject(subject); assertion.setID(SAML2Utils.getSecureIdentifier()); |