| author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-06-05 18:28:01 +0200 | 
|---|---|---|
| committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-06-05 18:28:01 +0200 | 
| commit | c7c87f61be0358786c563817d56a92434f0ece1d (patch) | |
| tree | d12dd1349375ecf732ae3f0bf424ae3286964963 /id/server/idserverlib/src/main/java/at/gv | |
| parent | 509702fe127404554451857e49a0493e3d24b150 (diff) | |
| parent | 6f814ec50badeacbb22ac2556c894b996ddc3959 (diff) | |
| download | moa-id-spss-c7c87f61be0358786c563817d56a92434f0ece1d.tar.gz moa-id-spss-c7c87f61be0358786c563817d56a92434f0ece1d.tar.bz2 moa-id-spss-c7c87f61be0358786c563817d56a92434f0ece1d.zip | |
Merge branch 'moa-2.1-Snapshot' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into moa-2.1-Snapshot
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
10 files changed, 241 insertions, 113 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 632227d79..c0e1dd3ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -27,6 +27,8 @@ import iaik.x509.X509Certificate;  import java.io.IOException;  import java.io.InputStream;  import java.util.ArrayList; +import java.util.Date; +import java.util.GregorianCalendar;  import java.util.List;  import javax.naming.ldap.LdapName; @@ -445,6 +447,9 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  		authData.setSsoSession(true); +		if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null) +			authData.setSsoSessionValidTo(assertion.getConditions().getNotOnOrAfter().toDate()); +		  		//only for SAML1  		if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))  			authData.setQualifiedCertificate(true); @@ -454,7 +459,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  	}  	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,  -			IOAAuthParameters oaParam) throws BuildException { +			IOAAuthParameters oaParam) throws BuildException, ConfigurationException {  		String target = oaParam.getTarget(); @@ -465,7 +470,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  		boolean businessService = oaParam.getBusinessService();  		authData.setIssuer(session.getAuthURL()); - +				  		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO  		authData.setIdentificationValue(identityLink.getIdentificationValue());  		authData.setIdentificationType(identityLink.getIdentificationType()); 
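Review bot: In the @@ -445 hunk `ssoSessionValidTo` is populated only when the inbound assertion carries `Conditions/@NotOnOrAfter`; on any other SSO assertion the field keeps the `null` default declared in the AuthenticationData hunk, and the PVP2AssertionBuilder hunks in this commit call `authData.getSsoSessionValidTo().getTime()` without a null check. Add an `else` branch that applies the same 5-minute default the @@ -529 hunk uses for non-SSO sessions, or document on the setter that `null` is a legal value and guard every reader. The `java.util.GregorianCalendar` import added in the @@ -27 hunk has no visible use in this diff; if nothing outside the hunks needs it, drop it. The enclosing method starts outside the hunk.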
@@ -529,6 +534,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  			authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); +			//set max. SSO session time +			if (authData.isSsoSession()) { +				long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000;		 +				Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime); +				authData.setSsoSessionValidTo(ssoSessionValidTo); +				 +			} else { +				//set valid to 5 min +				Date ssoSessionValidTo = new Date(new Date().getTime() + 5 * 60 * 1000); +				authData.setSsoSessionValidTo(ssoSessionValidTo); +				 +			} +			  			/* TODO: Support SSO Mandate MODE!  			 * Insert functionality to translate mandates in case of SSO   diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index c5ba49b2e..8726c1618 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -42,6 +42,7 @@ import java.io.Serializable;  import java.security.cert.CertificateEncodingException;  import java.security.cert.CertificateException;  import java.util.ArrayList; +import java.util.Date;  import java.util.Iterator;  import java.util.List;  import java.util.Vector; @@ -78,6 +79,9 @@ public class AuthenticationSession implements Serializable {  	 * session ID  	 */  	private String sessionID; +	 +	private Date sessionCreated = null; +	  	/**  	 * "Geschäftsbereich" the online application belongs to; maybe <code>null</code> if the  	 * online application is a business application 
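Review bot: `session.getSessionCreated().getTime()` in the @@ -529 hunk can throw NPE: the AuthenticationSession hunk on this line initialises `sessionCreated` to `null` and only the new two-argument constructor sets it, so sessions that reach this builder from other code paths or from stores written before this change carry no creation time. Fail closed when it is missing — use the 5-minute window of the `else` branch and log it — rather than let the lookup fail or the lifetime grow, since this value becomes the assertion's validity end in PVP2AssertionBuilder. `AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated()` is dereferenced without a check as well; as far as this diff shows nothing guarantees the timeout is configured. The duplicated literal `5 * 60 * 1000` would read better as a named constant such as `private static final long DEFAULT_SSO_VALIDITY_MS = 5 * 60 * 1000L;`. The enclosing method continues outside the hunk.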
@@ -344,8 +348,9 @@ public class AuthenticationSession implements Serializable {  	 * @param id  	 *            Session ID  	 */ -	public AuthenticationSession(String id) { +	public AuthenticationSession(String id, Date created) {  		sessionID = id; +		sessionCreated = created;  		// setTimestampStart();  //		infoboxValidators = new ArrayList();  	} @@ -1050,6 +1055,13 @@ public class AuthenticationSession implements Serializable {  		this.storkAuthnResponse = storkAuthnResponse;  	} +	/** +	 * @return the sessionCreated +	 */ +	public Date getSessionCreated() { +		return sessionCreated; +	} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 33e62d3d0..5685977bc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -135,6 +135,7 @@ public class AuthenticationData  implements IAuthData, Serializable {  	  private String QAALevel = null;  	  private boolean ssoSession = false; +	  private Date ssoSessionValidTo = null;  	  private boolean interfederatedSSOSession = false;  	  private String interfederatedIDP = null; @@ -656,7 +657,23 @@ public class AuthenticationData  implements IAuthData, Serializable {  	public void setInterfederatedIDP(String interfederatedIDP) {  		this.interfederatedIDP = interfederatedIDP;  	} + +	/** +	 * @return the ssoSessionValidTo +	 */ +	public Date getSsoSessionValidTo() { +		return ssoSessionValidTo; +	} + +	/** +	 * @param ssoSessionValidTo the ssoSessionValidTo to set +	 */ +	public void setSsoSessionValidTo(Date ssoSessionValidTo) { +		this.ssoSessionValidTo = ssoSessionValidTo; +	} + +  } 
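Review bot: `getSessionCreated()` in the @@ -1050 hunk and `getSsoSessionValidTo()`/`setSsoSessionValidTo()` in the @@ -656 hunk hand out and store the caller's mutable `java.util.Date` directly, so any holder of the reference can move a session's creation time or validity end after the fact; return and store copies, e.g. `return sessionCreated == null ? null : new Date(sessionCreated.getTime());`. The generated Javadoc (`@return the sessionCreated`) says nothing about the `null` case, which matters because the field is `null` on every instance not built through the new two-argument constructor in the @@ -344 hunk; spell it out, e.g. `@return creation time of this session, or {@code null} for sessions created before this field existed`. The one-argument constructor is removed rather than kept as a deprecated delegate, so any caller outside this diff stops compiling; if that is intended, a short note in the class Javadoc would help.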
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index 4ea81f134..7e421da0f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -53,6 +53,8 @@ public interface IAuthData {  	 String getBPK();  	 String getBPKType(); +	 Date getSsoSessionValidTo(); +	   	 String getInterfederatedIDP();  	 String getIdentificationValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index a0f3dd309..df195c0de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -29,8 +29,10 @@ import java.util.LinkedHashMap;  import java.util.List;  import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameID;  import org.opensaml.saml2.metadata.SingleLogoutService; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; 
@@ -52,47 +54,87 @@ public class SLOInformationContainer implements Serializable {  	public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) { -		activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); -		activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); +		if (activeBackChannelOAs == null) +			activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); +		if (activeFrontChannalOAs == null) +			activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();  		if (dbOAs != null) {  			for (OASessionStore oa : dbOAs) { -				//Actually only PVP 2.1 support Single LogOut -				if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) && -						!oa.getOaurlprefix().equals(removeOAID)) {					 +				if (!oa.getOaurlprefix().equals(removeOAID)) { +					 +					//Actually only PVP 2.1 support Single LogOut +					if (PVP2XProtocol.PATH.equals(oa.getProtocolType())) {					 +						SingleLogoutService sloDesc; +						try { +							sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix()); +						 +							if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))										 +								activeBackChannelOAs.put(oa.getOaurlprefix(),  +										new SLOInformationImpl( +											oa.getAssertionSessionID(),  +											oa.getUserNameID(),  +											oa.getUserNameIDFormat(),  +											oa.getProtocolType(), +											sloDesc)); +						 +							else +								activeFrontChannalOAs.put(oa.getOaurlprefix(),  +										new SLOInformationImpl( +											oa.getAssertionSessionID(),  +											oa.getUserNameID(),  +											oa.getUserNameIDFormat(),  +											oa.getProtocolType(), +											sloDesc)); +							 +						} catch (NOSLOServiceDescriptorException e) { +							putFailedOA(oa.getOaurlprefix()); +													 +						} +					 +					} else +						putFailedOA(oa.getOaurlprefix()); +				} +			}			 +		}		 +	} + +	/** +	 * @param dbIDPs +	 * @param value +	 */ +	public 
void parseActiveIDPs(List<InterfederationSessionStore> dbIDPs, +			String removeIDP) {		 +		if (activeBackChannelOAs == null) +			activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); +		if (activeFrontChannalOAs == null) +			activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); +		 +		if (dbIDPs != null) { +			for (InterfederationSessionStore el : dbIDPs) {				 +				if (!el.getIdpurlprefix().equals(removeIDP)) { +					  					SingleLogoutService sloDesc;  					try { -						sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix()); -					 -						if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))										 -							activeBackChannelOAs.put(oa.getOaurlprefix(),  -									new SLOInformationImpl( -										oa.getAssertionSessionID(),  -										oa.getUserNameID(),  -										oa.getUserNameIDFormat(),  -										oa.getProtocolType(), -										sloDesc)); +						sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(el.getIdpurlprefix()); -						else -							activeFrontChannalOAs.put(oa.getOaurlprefix(),  -									new SLOInformationImpl( -										oa.getAssertionSessionID(),  -										oa.getUserNameID(),  -										oa.getUserNameIDFormat(),  -										oa.getProtocolType(), +						activeFrontChannalOAs.put(el.getIdpurlprefix(),  +								new SLOInformationImpl( +										el.getSessionIndex(),  +										el.getUserNameID(),  +										NameID.TRANSIENT,  +										PVP2XProtocol.PATH,  										sloDesc));  					} catch (NOSLOServiceDescriptorException e) { -						putFailedOA(oa.getOaurlprefix()); +						putFailedOA(el.getIdpurlprefix());  					} -					 -				} else -					putFailedOA(oa.getOaurlprefix()); +				}				  			}			  		}		  	} -		 +	  	public String getNextFrontChannelOA() {  		Iterator<String> interator = activeFrontChannalOAs.keySet().iterator();  		if (interator.hasNext()) 
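Review bot: The Javadoc added for `parseActiveIDPs` names `@param value`, but the parameter is `removeIDP`, and neither it nor `dbIDPs` is described; write e.g. `@param dbIDPs interfederated IDP sessions of the MOASession, may be {@code null}` and `@param removeIDP entityID of the IDP that initiated the logout, which is skipped`. In `parseActiveOAs` the two `new SLOInformationImpl(...)` constructions are identical; building the object once and then choosing the map by binding removes the duplication and the fragile `sloDesc.getBinding().equals(...)` ordering, which NPEs on a `null` binding. `parseActiveIDPs` hard-codes `NameID.TRANSIENT` and `PVP2XProtocol.PATH` whereas the OA branch takes both values from the store; if `InterfederationSessionStore` records the NameID format, that value should be used instead. The enclosing class continues outside the hunk.
```java
// … unchanged: null/removeOAID checks, protocol-type test …
SingleLogoutService sloDesc;
try {
    sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix());
    SLOInformationImpl sloInfo = new SLOInformationImpl(
            oa.getAssertionSessionID(),
            oa.getUserNameID(),
            oa.getUserNameIDFormat(),
            oa.getProtocolType(),
            sloDesc);
    if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(sloDesc.getBinding()))
        activeBackChannelOAs.put(oa.getOaurlprefix(), sloInfo);
    else
        activeFrontChannalOAs.put(oa.getOaurlprefix(), sloInfo);
} catch (NOSLOServiceDescriptorException e) {
    putFailedOA(oa.getOaurlprefix());
}
```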
@@ -147,9 +189,5 @@ public class SLOInformationContainer implements Serializable {  		if (sloFailedOAs == null)  			sloFailedOAs = new ArrayList<String>();  		sloFailedOAs.add(oaID); -	} - - -	 -	 +	}	  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 01f7e18ba..c60e69df6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java 
@@ -258,21 +258,21 @@ public class MetadataAction implements IAction {  		//add SLO descriptor -//		SingleLogoutService postSLOService =  -//				SAML2Utils.createSAMLObject(SingleLogoutService.class);			 -//		postSLOService.setLocation(PVPConfiguration -//				.getInstance().getIDPSSOPostService()); -//		postSLOService -//				.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); -//		spSSODescriptor.getSingleLogoutServices().add(postSLOService); -//		 -//		SingleLogoutService redirectSLOService =  -//				SAML2Utils.createSAMLObject(SingleLogoutService.class);			 -//		redirectSLOService.setLocation(PVPConfiguration -//				.getInstance().getIDPSSOPostService()); -//		redirectSLOService -//				.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); -//		spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); +		SingleLogoutService postSLOService =  +				SAML2Utils.createSAMLObject(SingleLogoutService.class);			 +		postSLOService.setLocation(PVPConfiguration +				.getInstance().getIDPSSOPostService()); +		postSLOService +				.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +		spSSODescriptor.getSingleLogoutServices().add(postSLOService); +		 +		SingleLogoutService redirectSLOService =  +				SAML2Utils.createSAMLObject(SingleLogoutService.class);			 +		redirectSLOService.setLocation(PVPConfiguration +				.getInstance().getIDPSSOPostService()); +		redirectSLOService +				.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +		spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);  		spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); 
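Review bot: In the @@ -258 hunk the redirect-binding SLO endpoint of the SP descriptor is given the POST endpoint's URL: `redirectSLOService.setLocation(PVPConfiguration.getInstance().getIDPSSOPostService())` sits directly under `SAML2_REDIRECT_BINDING_URI`. The IDP-descriptor hunk at @@ -355 on the next line already uses `getIDPSSORedirectService()` for the same binding, so this one should read `redirectSLOService.setLocation(PVPConfiguration.getInstance().getIDPSSORedirectService());` — otherwise peers reading the SP metadata presumably deliver redirect-bound LogoutRequests to the POST endpoint. The create/setLocation/setBinding/add sequence is now repeated four times across @@ -258, @@ -333 and @@ -355; a small helper taking the descriptor, location and binding would have prevented this copy-paste slip. The enclosing method continues outside the hunk.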
@@ -333,13 +333,13 @@ public class MetadataAction implements IAction {  					postSingleSignOnService);  			//add SLO descriptor -//			SingleLogoutService postSLOService =  -//					SAML2Utils.createSAMLObject(SingleLogoutService.class);			 -//			postSLOService.setLocation(PVPConfiguration -//					.getInstance().getIDPSSOPostService()); -//			postSLOService -//					.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); -//			idpSSODescriptor.getSingleLogoutServices().add(postSLOService); +			SingleLogoutService postSLOService =  +					SAML2Utils.createSAMLObject(SingleLogoutService.class);			 +			postSLOService.setLocation(PVPConfiguration +					.getInstance().getIDPSSOPostService()); +			postSLOService +					.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +			idpSSODescriptor.getSingleLogoutServices().add(postSLOService);  		} @@ -355,13 +355,13 @@ public class MetadataAction implements IAction {  					redirectSingleSignOnService);  			//add SLO descriptor -//			SingleLogoutService redirectSLOService =  -//					SAML2Utils.createSAMLObject(SingleLogoutService.class);			 -//			redirectSLOService.setLocation(PVPConfiguration -//					.getInstance().getIDPSSOPostService()); -//			redirectSLOService -//					.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); -//			idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); +			SingleLogoutService redirectSLOService =  +					SAML2Utils.createSAMLObject(SingleLogoutService.class);			 +			redirectSLOService.setLocation(PVPConfiguration +					.getInstance().getIDPSSORedirectService()); +			redirectSLOService +					.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +			idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);  		}  		/*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index c67d10ab7..92441e663 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -42,6 +42,7 @@ import org.opensaml.xml.security.SecurityException;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -124,9 +125,11 @@ public class SingleLogOutAction implements IAction {  				}  				//store active OAs to SLOContaine -				List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);				 +				List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session); +				List<InterfederationSessionStore> dbIDPs = AuthenticationSessionStoreage.getAllActiveIDPsFromMOASession(session);  				SLOInformationContainer sloContainer = new SLOInformationContainer();  				sloContainer.setSloRequest(pvpReq); +				sloContainer.parseActiveIDPs(dbIDPs, logOutReq.getIssuer().getValue());  				sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue());  				//terminate MOASession 
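Review bot: In the @@ -124 hunk a failed lookup of the interfederated IDPs is invisible to the logout: `getAllActiveIDPsFromMOASession` (AuthenticationSessionStoreage hunk @@ -391 below) returns `null` after only logging a warning, and `parseActiveIDPs` treats `null` as "no IDPs", so the SLO proceeds and appears to succeed while upstream IDP sessions stay alive. A logout should fail closed here: when `dbIDPs` (or `dbOAs`, which has the same contract) is `null`, abort with the module's exception type, e.g. `if (dbIDPs == null || dbOAs == null) throw new MOAIDException(...)` with the appropriate message key, or at least record the failure in the container so the user is told the logout was incomplete. The surrounding method starts and ends outside the hunk.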
@@ -247,10 +250,13 @@ public class SingleLogOutAction implements IAction {  	private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) {  		Status status = logOutResp.getStatus();				 -		if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) { +		if (!status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { +			String message = " Message: "; +			if (status.getStatusMessage() != null)  +				message += status.getStatusMessage().getMessage();  			Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue()  					+ " FAILED. (ResponseCode: " + status.getStatusCode().getValue() -					+ " Message: " + status.getStatusMessage().getMessage() + ")"); +					+ message + ")");  			sloContainer.putFailedOA(logOutResp.getIssuer().getValue());  		} else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 04d374e93..7aa860c5c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.core.StatusCode;  import org.opensaml.saml2.core.StatusMessage;  import org.opensaml.saml2.metadata.EntityDescriptor;  import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SSODescriptor;  import org.opensaml.saml2.metadata.SingleLogoutService;  import org.opensaml.saml2.metadata.provider.MetadataProviderException; 
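Review bot: The corrected comparison `status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)` in the @@ -247 hunk still NPEs when the peer's response carries a StatusCode without a Value; put the constant first, `if (!StatusCode.SUCCESS_URI.equals(status.getStatusCode().getValue())) {`. The warning then writes the peer-supplied StatusMessage text into the log verbatim; since the response comes from the remote SP, strip CR/LF (e.g. `.replaceAll("[\\r\\n]", " ")`) before logging so a malformed or hostile message cannot forge log lines. `logOutResp.getIssuer()` is also dereferenced twice without a check although Issuer is optional on SAML 2.0 responses; resolving it once into a local with a fallback such as `"unknown"` covers both uses. The `else` branch continues outside the hunk.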
@@ -125,7 +126,7 @@ public class SingleLogOutBuilder {  	public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {  		try {  			EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID); -			SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS); +			SSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);  			SingleLogoutService sloService = null;			  			for (SingleLogoutService el : spsso.getSingleLogoutServices()) { @@ -173,14 +174,18 @@ public class SingleLogOutBuilder {  			if (el.getBinding().equals(spRequest.getBinding()))  				sloService = el;  		} -		if (sloService == null && spsso.getSingleLogoutServices().size() != 0) -			sloService = spsso.getSingleLogoutServices().get(0); -		else { -			Logger.error("Found no SLO ServiceDescriptor in Metadata");				 -			throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); +		if (sloService == null)  { +			if (spsso.getSingleLogoutServices().size() != 0)		 +				sloService = spsso.getSingleLogoutServices().get(0); +		 +			else { +				Logger.error("Found no SLO ServiceDescriptor in Metadata");				 +				throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); +			}  		} -		return sloService; +		 +		return sloService;		  	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 4d6343fce..fa5d252bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java 
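Review bot: Widening the local to `SSODescriptor` in the @@ -125 hunk does not change what is looked up: `entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS)` still returns only the SP role, so for an interfederated IDP — which `parseActiveIDPs` in this commit now passes to `getRequestSLODescriptor` — `spsso` is presumably `null` and `spsso.getSingleLogoutServices()` throws NPE instead of `NOSLOServiceDescriptorException`, escaping the catch in the caller. Fall back to the IDP role and convert a missing descriptor into the checked exception; `entity` itself also deserves a null check, since the metadata provider yields no descriptor for an unknown entityID. The method body continues outside the hunk.
```java
EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
if (entity == null) {
    Logger.error("No metadata found for entityID " + entityID);
    throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
}
SSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spsso == null)
    spsso = entity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spsso == null) {
    Logger.error("Found no SSODescriptor in Metadata for " + entityID);
    throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
}
// … unchanged: SingleLogoutService selection loop …
```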
@@ -135,7 +135,8 @@ public class PVP2AssertionBuilder implements PVPConstants {  		SubjectConfirmationData subjectConfirmationData = null;  		return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,  -				authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex); +				authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, +				new DateTime(authData.getSsoSessionValidTo().getTime()));  	}  	public static Assertion buildAssertion(AuthnRequest authnRequest, @@ -393,8 +394,8 @@ public class PVP2AssertionBuilder implements PVPConstants {  		SubjectConfirmationData subjectConfirmationData = SAML2Utils  				.createSAMLObject(SubjectConfirmationData.class);  		subjectConfirmationData.setInResponseTo(authnRequest.getID()); -		subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5)); -				 +		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); +		  		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());  		//set SLO information 
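Review bot: `new DateTime(authData.getSsoSessionValidTo().getTime())` in the @@ -135 hunk, and the same expression in the @@ -393 hunk, dereference a value this commit does not always set: the AuthenticationDataBuilder @@ -445 hunk populates `ssoSessionValidTo` only when the inbound assertion has `Conditions/@NotOnOrAfter`, and `AuthenticationData` initialises it to `null`. Resolve it once with an explicit fallback, e.g. `DateTime notOnOrAfter = authData.getSsoSessionValidTo() != null ? new DateTime(authData.getSsoSessionValidTo().getTime()) : date.plusMinutes(5);`, or make the builder guarantee a non-null value and document that on `IAuthData.getSsoSessionValidTo()`. Both enclosing methods start outside their hunks.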
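Review bot: `subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()))` in the @@ -393 hunk moves the bearer-confirmation deadline from five minutes after issuance to the end of the SSO session, which per the AuthenticationDataBuilder @@ -529 hunk is the session creation time plus the configured maximum session lifetime. That attribute bounds the window in which the bearer assertion may be delivered to the SP's AssertionConsumerService and the period the SP must retain the assertion ID for replay detection, so it should stay short; the session lifetime belongs in `AuthnStatement/@SessionNotOnOrAfter` (and, if desired, `Conditions/@NotOnOrAfter`). Keep `subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));` here and hand the SSO validity to `buildGenericAssertion` as the separate argument the @@ -402 hunk already introduces, setting it via `setSessionNotOnOrAfter(isValidTo)` where the AuthnStatement is built.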
@@ -402,13 +403,13 @@ public class PVP2AssertionBuilder implements PVPConstants {  		sloInformation.setNameIDFormat(subjectNameID.getFormat());  		sloInformation.setSessionIndex(sessionIndex); -		return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex); +		return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());  	}  	private static Assertion buildGenericAssertion(String entityID, DateTime date,   			AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,   			NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,  -			String sessionIndex) throws ConfigurationException { +			String sessionIndex, DateTime isValidTo) throws ConfigurationException {  		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);  		AuthnContext authnContext = SAML2Utils @@ -448,10 +449,9 @@ public class PVP2AssertionBuilder implements PVPConstants {  		audience.setAudienceURI(entityID);  		audienceRestriction.getAudiences().add(audience); -		conditions.setNotBefore(date); -		 -		conditions.setNotOnOrAfter(date.plusMinutes(5)); -		 +		conditions.setNotBefore(date);		 +		conditions.setNotOnOrAfter(isValidTo); +				  		conditions.getAudienceRestrictions().add(audienceRestriction);  		assertion.setConditions(conditions); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 6c2900752..1c74aea55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
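Review bot: `conditions.setNotOnOrAfter(isValidTo)` in the @@ -448 hunk accepts any value: a `null` produces Conditions without `NotOnOrAfter`, and because `isValidTo` is derived from session creation plus the maximum session lifetime, an assertion issued late in an SSO session gets a `NotOnOrAfter` close to or before `date` — an assertion that is invalid on arrival. Validate before building, `if (isValidTo == null || !isValidTo.isAfter(date))`, and reject (or clamp to a documented minimum) rather than emit it. The new parameter is undocumented; `@param isValidTo end of validity for the assertion's Conditions; must be after {@code date}` would make the contract explicit. `buildGenericAssertion` continues outside the hunk.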
@@ -64,7 +64,7 @@ public class AuthenticationSessionStoreage {  		AuthenticatedSessionStore session;  		try { -			session = searchInDatabase(moaSessionID); +			session = searchInDatabase(moaSessionID, true);  			return session.isAuthenticated();  		} catch (MOADatabaseException e) { @@ -72,19 +72,20 @@ public class AuthenticationSessionStoreage {  		}  	} -	public static AuthenticationSession createSession() throws MOADatabaseException { +	public static AuthenticationSession createSession() throws MOADatabaseException, BuildException {  		String id = Random.nextRandom(); -		AuthenticationSession session = new AuthenticationSession(id); -		 +  		AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();  		dbsession.setSessionid(id);  		dbsession.setAuthenticated(false); -		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1  -		dbsession.setCreated(new Date()); -		dbsession.setUpdated(new Date()); +		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 +		Date now = new Date(); +		dbsession.setCreated(now); +		dbsession.setUpdated(now); -		dbsession.setSession(SerializationUtils.serialize(session)); +		AuthenticationSession session = new AuthenticationSession(id, now); +		encryptSession(session, dbsession);  		//store AssertionStore element to Database  		try { @@ -102,7 +103,7 @@ public class AuthenticationSessionStoreage {  	public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {  		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); +			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);  			return decryptSession(dbsession);  		} catch (MOADatabaseException e) { 
@@ -122,7 +123,7 @@ public class AuthenticationSessionStoreage {  	public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {  		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); +			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);  			if (MiscUtil.isNotEmpty(pendingRequestID))  				dbsession.setPendingRequestID(pendingRequestID); @@ -175,7 +176,7 @@ public class AuthenticationSessionStoreage {  			throws AuthenticationException, BuildException {  		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); +			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);  			String id = Random.nextRandom(); @@ -207,7 +208,7 @@ public class AuthenticationSessionStoreage {  		AuthenticatedSessionStore session;  		try { -			session = searchInDatabase(moaSessionID); +			session = searchInDatabase(moaSessionID, true);  			session.setAuthenticated(value);  			MOASessionDBUtils.saveOrUpdate(session); @@ -249,7 +250,7 @@ public class AuthenticationSessionStoreage {  	public static boolean isSSOSession(String sessionID) throws MOADatabaseException {  		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); +			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);  			return dbsession.isSSOSession();  		} catch (MOADatabaseException e) { 
@@ -391,8 +392,36 @@ public class AuthenticationSessionStoreage {  		MiscUtil.assertNotNull(moaSession, "MOASession");  		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID()); -			return dbsession.getActiveOAsessions(); +			List<OASessionStore> oas = new ArrayList<OASessionStore>(); +			 +			AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); +			oas.addAll(dbsession.getActiveOAsessions()); +			 +			Session session = MOASessionDBUtils.getCurrentSession(); +			session.getTransaction().commit(); +			 +			return oas; +			 +		} catch (MOADatabaseException e) { +			Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); +			 +		} +				 +		return null; +	} +	 +	public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { +		MiscUtil.assertNotNull(moaSession, "MOASession"); +		 +		try { +			List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>();			 +			AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); +			idps.addAll(dbsession.getInderfederation()); +			 +			Session session = MOASessionDBUtils.getCurrentSession(); +			session.getTransaction().commit(); +			 +			return idps;  		} catch (MOADatabaseException e) {  			Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); @@ -475,7 +504,7 @@ public class AuthenticationSessionStoreage {  	public static String getPendingRequestID(String sessionID) {  		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); +			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);  			return dbsession.getPendingRequestID();  		} catch (MOADatabaseException e) { 
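Review bot: In the @@ -391 hunk the transaction left open by `searchInDatabase(..., false)` is committed only on the happy path; if `dbsession.getActiveOAsessions()` (or `getInderfederation()` in the sibling method) throws, or `searchInDatabase` fails after beginning the transaction, nothing commits or rolls back and the current Hibernate session is handed to the next caller with a transaction still open. Both new methods also repeat the same lookup/copy/commit sequence and return `null` on failure, which `SingleLogOutAction` then treats as "nothing to log out". Wrap the read so the transaction is always closed and factor the shared part into one helper.
```java
AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false);
try {
    oas.addAll(dbsession.getActiveOAsessions());
    MOASessionDBUtils.getCurrentSession().getTransaction().commit();
} catch (RuntimeException e) {
    MOASessionDBUtils.getCurrentSession().getTransaction().rollback();
    throw e;
}
return oas;
// … unchanged: MOADatabaseException handling …
```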
@@ -646,7 +675,7 @@ public class AuthenticationSessionStoreage {  		  return result.get(0).getInderfederation().get(0);  	} -	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption {		 +	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		  		AuthenticatedSessionStore dbsession = null;  		//search for active SSO session @@ -654,7 +683,7 @@ public class AuthenticationSessionStoreage {  			String moaSession = getMOASessionSSOID(ssoID);		  			if (MiscUtil.isNotEmpty(moaSession)) {  				try { -					dbsession = searchInDatabase(moaSession); +					dbsession = searchInDatabase(moaSession, true);  				}catch (MOADatabaseException e) { 
@@ -664,28 +693,28 @@ public class AuthenticationSessionStoreage {  		String id = null;  		Date now = new Date(); -		  		//create new MOASession if any exists +		AuthenticationSession session = null;  		if (dbsession == null) {  			id = Random.nextRandom();  			dbsession = new AuthenticatedSessionStore();  			dbsession.setSessionid(id);  			dbsession.setCreated(now); -			 +			session = new AuthenticationSession(id, now); +		  		} else {  			id = dbsession.getSessionid(); -			 +			session = decryptSession(dbsession); +		  		} -				 +			  		dbsession.setInterfederatedSSOSession(true);  		dbsession.setAuthenticated(isAuthenticated); -		dbsession.setUpdated(now); -		 -		AuthenticationSession session = new AuthenticationSession(id); +		dbsession.setUpdated(now);		  		session.setAuthenticated(true); -		session.setAuthenticatedUsed(false); -		dbsession.setSession(SerializationUtils.serialize(session)); -		 +		session.setAuthenticatedUsed(false);		 +		encryptSession(session, dbsession); +			  		//add interfederation information  		List<InterfederationSessionStore> idpList = dbsession.getInderfederation();  		InterfederationSessionStore idp = null; @@ -889,7 +918,7 @@ public class AuthenticationSessionStoreage {  	}  	@SuppressWarnings("rawtypes") -	private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { +	private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException {  		  MiscUtil.assertNotNull(sessionID, "moasessionID");	    		  Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");  		  Session session = MOASessionDBUtils.getCurrentSession(); @@ -903,7 +932,8 @@ public class AuthenticationSessionStoreage {  			  result = query.list();  			  //send transaction -			  session.getTransaction().commit(); +			  if (commit) +				  session.getTransaction().commit();  		  }  		  Logger.trace("Found entries: " + result.size()); | 
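Review bot: The new `commit` flag on `searchInDatabase` in the @@ -889 and @@ -903 hunks changes who owns the transaction without saying so: when `false`, the transaction begun inside the method stays open and the caller must commit or roll it back (the @@ -391 hunk does the former, and only on success). Document it on the method, e.g. `@param commit if {@code true} the current transaction is committed before returning; if {@code false} the caller owns the transaction and must commit or roll it back, including on exceptions`. A boolean that flips ownership is easy to call wrongly; two names such as `searchInDatabase(String)` delegating with `true` and `searchInDatabaseKeepTransaction(String)` would make call sites self-explanatory. The method body continues outside the hunk.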
