merge last changes to exthex.OAuth testrelease

Conflicts: id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-12-19 07:48:56 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-12-19 07:48:56 +0100
commit: 6e01fbb21b23d187cdb169ef0be8dfc15fc6638f (patch)
tree: d4ba735a5bd2f3f8e3e7f66372ccd5eef46e51fb /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols
parent: ddd803e73a4519132ce2257c621b54d004f2235f (diff)
parent: 351f8be591412e124b6d578c1afd3f72f3c25d8f (diff)
download: moa-id-spss-6e01fbb21b23d187cdb169ef0be8dfc15fc6638f.tar.gz
moa-id-spss-6e01fbb21b23d187cdb169ef0be8dfc15fc6638f.tar.bz2
moa-id-spss-6e01fbb21b23d187cdb169ef0be8dfc15fc6638f.zip
3 files changed, 35 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 5e8206739..f21567245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -21,6 +21,7 @@ import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.core.SubjectConfirmation;
 import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeConsumingService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.NameIDFormat;
@@ -42,6 +43,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
@@ -293,7 +295,16 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				.createSAMLObject(SubjectConfirmationData.class);
 		subjectConfirmationData.setInResponseTo(authnRequest.getID());
 		subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
-		subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+		
+		//TL: change from entityID to destination URL 
+		AssertionConsumerService consumerService = spSSODescriptor
+				.getAssertionConsumerServices().get(idx);
+
+		if (consumerService == null) {
+			throw new InvalidAssertionConsumerServiceException(idx);
+		}
+		
+		subjectConfirmationData.setRecipient(consumerService.getLocation());
 
 		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
 
@@ -303,7 +314,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		AudienceRestriction audienceRestriction = SAML2Utils
 				.createSAMLObject(AudienceRestriction.class);
 		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-
+		
 		audience.setAudienceURI(peerEntity.getEntityID());
 		audienceRestriction.getAudiences().add(audience);
 		conditions.setNotBefore(new DateTime());
@@ -316,8 +327,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		assertion.setConditions(conditions);
 
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+		
+		//TODO: check!
+		//change to entity value from entity name to IDP EntityID (URL)
+		issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
 		issuer.setFormat(NameID.ENTITY);
+		
 		assertion.setIssuer(issuer);
 		assertion.setSubject(subject);
 		assertion.setID(SAML2Utils.getSecureIdentifier());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 1d494c512..fec21df9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,8 +1,11 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
 
+import java.util.Date;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.joda.time.DateTime;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -51,10 +54,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 
 
 		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+		
+		//TODO: check!
+		//change to entity value from entity name to IDP EntityID (URL)
+		nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+		//nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
 		nissuer.setFormat(NameID.ENTITY);
+		
 		authResponse.setIssuer(nissuer);
 		authResponse.setInResponseTo(authnRequest.getID());
+		
+		//SAML2 response required IssueInstant
+		authResponse.setIssueInstant(new DateTime());
+		
 		authResponse.getAssertions().add(assertion);
 		authResponse.setStatus(SAML2Utils.getSuccessStatus());
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index e9d41b7ee..e85d87aa3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -91,10 +91,12 @@ public class MetadataSignatureFilter implements MetadataFilter {
 					throw new MOAIDException("Root element of metadata file has to be signed", null);
 				}
 				processEntitiesDescriptor(entitiesDescriptor);
-			} /*else if (metadata instanceof EntityDescriptor) {
+				
+			} else if (metadata instanceof EntityDescriptor) {
 				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
 				processEntityDescriptorr(entityDescriptor);
-			} */else {
+				
+			} else {
 				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
 			}
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-12-19 07:48:56 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-12-19 07:48:56 +0100
commit	6e01fbb21b23d187cdb169ef0be8dfc15fc6638f (patch)
tree	d4ba735a5bd2f3f8e3e7f66372ccd5eef46e51fb /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols
parent	ddd803e73a4519132ce2257c621b54d004f2235f (diff)
parent	351f8be591412e124b6d578c1afd3f72f3c25d8f (diff)
download	moa-id-spss-6e01fbb21b23d187cdb169ef0be8dfc15fc6638f.tar.gz moa-id-spss-6e01fbb21b23d187cdb169ef0be8dfc15fc6638f.tar.bz2 moa-id-spss-6e01fbb21b23d187cdb169ef0be8dfc15fc6638f.zip