aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-06-06 13:47:15 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-06-06 13:47:15 +0200
commit5677982c24ada5c0a56e11588b5839bc2a75b83e (patch)
treef6142920f704222386fff9996b3e3b019d6e0129 /id/server/idserverlib/src/main/java/at
parentc8a872dcffe918d9ed1e867cb9fc18f639a715b4 (diff)
downloadmoa-id-spss-5677982c24ada5c0a56e11588b5839bc2a75b83e.tar.gz
moa-id-spss-5677982c24ada5c0a56e11588b5839bc2a75b83e.tar.bz2
moa-id-spss-5677982c24ada5c0a56e11588b5839bc2a75b83e.zip
use different endpoints for IDP and interfederation SP
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java36
8 files changed, 103 insertions, 68 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 1085e4cbc..fec8e3b98 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -244,7 +244,7 @@ public class MetadataAction implements IAction {
postassertionConsumerService.setIndex(0);
postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
postassertionConsumerService.setLocation(PVPConfiguration
- .getInstance().getIDPSSOPostService());
+ .getInstance().getSPSSOPostService());
postassertionConsumerService.setIsDefault(true);
spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
@@ -253,7 +253,7 @@ public class MetadataAction implements IAction {
redirectassertionConsumerService.setIndex(1);
redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
redirectassertionConsumerService.setLocation(PVPConfiguration
- .getInstance().getIDPSSORedirectService());
+ .getInstance().getSPSSORedirectService());
spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
@@ -269,7 +269,7 @@ public class MetadataAction implements IAction {
SingleLogoutService redirectSLOService =
SAML2Utils.createSAMLObject(SingleLogoutService.class);
redirectSLOService.setLocation(PVPConfiguration
- .getInstance().getIDPSSOPostService());
+ .getInstance().getSPSSORedirectService());
redirectSLOService
.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index d9ce6250a..7f8ea91bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -111,6 +111,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String ATTRIBUTEQUERY = "AttributeQuery";
public static final String SINGLELOGOUT = "SingleLogOut";
+ public static final String ENDPOINT_IDP = "idp";
+ public static final String ENDPOINT_SP = "sp";
+
+ public static final String PARAMETER_ENDPOINT = "endpointtype";
+
private static List<IDecoder> decoder = new ArrayList<IDecoder>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
@@ -168,6 +173,23 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
+ private boolean isServiceProviderEndPointUsed(HttpServletRequest req) throws InvalidProtocolRequestException {
+ Object obj = req.getParameter(PARAMETER_ENDPOINT);
+ if (obj instanceof String) {
+ String param = (String) obj;
+ if (MiscUtil.isNotEmpty(param)) {
+ if (ENDPOINT_IDP.equals(param))
+ return false;
+
+ else if (ENDPOINT_SP.equals(param))
+ return true;
+ }
+ }
+
+ Logger.error("No valid PVP 2.1 entpoint descriptor");
+ throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+ }
+
public PVP2XProtocol() {
super();
}
@@ -193,7 +215,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
try {
- InboundMessage msg = (InboundMessage) decoder.decode(request, response);
+
+ InboundMessage msg = (InboundMessage) decoder.decode(request, response, isServiceProviderEndPointUsed(request));
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
@@ -217,13 +240,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
else if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
- return preProcessLogOut(request, response, (MOARequest) msg);
+ return preProcessLogOut(request, response, msg);
- else if (msg instanceof MOARequest &&
- ((MOARequest)msg).getSamlRequest() instanceof LogoutResponse)
- return preProcessLogOut(request, response, (MOARequest) msg);
+ else if (msg instanceof MOAResponse &&
+ ((MOAResponse)msg).getResponse() instanceof LogoutResponse)
+ return preProcessLogOut(request, response, msg);
- else if (msg instanceof MOAResponse) {
+ else if (msg instanceof MOAResponse &&
+ ((MOAResponse)msg).getResponse() instanceof Response) {
//load service provider AuthRequest from session
IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
@@ -420,20 +444,22 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
* @throws MOAIDException
*/
private IRequest preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, MOARequest msg) throws MOAIDException {
+ HttpServletResponse response, InboundMessage inMsg) throws MOAIDException {
PVPTargetConfiguration config = new PVPTargetConfiguration();
- if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) {
+ MOARequest msg;
+ if (inMsg instanceof MOARequest &&
+ ((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
//preProcess single logout request from service provider
-
+
+ msg = (MOARequest) inMsg;
+
EntityDescriptor metadata = msg.getEntityMetadata();
if(metadata == null) {
throw new NoMetadataInformationException();
}
-
-
String oaURL = metadata.getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
@@ -443,10 +469,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
config.setBinding(msg.getRequestBinding());
- } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) {
+ } else if (inMsg instanceof MOAResponse &&
+ ((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) {
//preProcess single logour response from service provider
- LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest());
+ LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse());
Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
@@ -458,14 +485,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
}
//TODO: check if relayState exists
- msg.getRelayState();
+ inMsg.getRelayState();
} else
throw new MOAIDException("Unsupported request", new Object[] {});
- config.setRequest(msg);
+ config.setRequest(inMsg);
config.setAction(SINGLELOGOUT);
return config;
}
@@ -624,7 +651,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
*/
private MOAResponse preProcessAuthResponse(MOAResponse msg) {
Logger.debug("Start PVP21 assertion processing... ");
- Response samlResp = msg.getResponse();
+ Response samlResp = (Response) msg.getResponse();
try {
if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 8691667f0..4d353ffcd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -102,7 +102,7 @@ public class ArtifactBinding implements IDecoder, IEncoder {
}
public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
+ HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
SecurityException {
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index fb17c02b8..6619876dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -33,7 +33,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface
public interface IDecoder {
public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp)
+ HttpServletResponse resp, boolean isSPEndPoint)
throws MessageDecodingException, SecurityException, PVP2Exception;
public boolean handleDecode(String action, HttpServletRequest req);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index a2fe5c01b..7f73b1ed7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -139,7 +139,7 @@ public class PostBinding implements IDecoder, IEncoder {
}
public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
+ HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
SecurityException {
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
@@ -152,39 +152,38 @@ public class PostBinding implements IDecoder, IEncoder {
} catch (ConfigurationException e) {
throw new SecurityException(e);
}
-
- decode.decode(messageContext);
-
+
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
- InboundMessage msg = null;
+ //set metadata descriptor type
+ if (isSPEndPoint)
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ else
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+ decode.decode(messageContext);
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
.getInboundMessage();
msg = new MOARequest(inboundMessage, getSAML2BindingName());
- } else if (messageContext.getInboundMessage() instanceof Response){
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
+ StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
msg = new MOAResponse(inboundMessage);
} else
//create empty container if request type is unknown
msg = new InboundMessage();
-
- msg.setVerified(false);
-
- decode.decode(messageContext);
+
if (messageContext.getPeerEntityMetadata() != null)
msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
else
Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-
+
+ msg.setVerified(false);
msg.setRelayState(messageContext.getRelayState());
return msg;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 8fba6cde0..26f6f3a62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -129,7 +129,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
}
public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
+ HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
SecurityException {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
@@ -146,8 +146,6 @@ public class RedirectBinding implements IDecoder, IEncoder {
BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- decode.decode(messageContext);
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
@@ -161,36 +159,39 @@ public class RedirectBinding implements IDecoder, IEncoder {
policy);
messageContext.setSecurityPolicyResolver(resolver);
- InboundMessage msg = null;
-
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ //set metadata descriptor type
+ if (isSPEndPoint)
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ else
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+
+ decode.decode(messageContext);
+
+ //check signature
+ signatureRule.evaluate(messageContext);
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
.getInboundMessage();
msg = new MOARequest(inboundMessage, getSAML2BindingName());
- } else if (messageContext.getInboundMessage() instanceof Response){
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
+ StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
msg = new MOAResponse(inboundMessage);
} else
//create empty container if request type is unknown
msg = new InboundMessage();
- signatureRule.evaluate(messageContext);
- msg.setVerified(true);
-
- decode.decode(messageContext);
if (messageContext.getPeerEntityMetadata() != null)
msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
else
Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ msg.setVerified(true);
msg.setRelayState(messageContext.getRelayState());
return msg;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 75332cfea..f0eafe272 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -59,7 +59,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class SoapBinding implements IDecoder, IEncoder {
public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
+ HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
SecurityException, PVP2Exception {
HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 255fba093..d3a9ad3e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -33,7 +33,6 @@ import java.util.Properties;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
-import org.opensaml.Configuration;
import org.opensaml.saml2.metadata.Company;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
@@ -46,7 +45,6 @@ import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
-import org.opensaml.xml.security.SecurityConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
@@ -71,10 +69,12 @@ public class PVPConfiguration {
}
public static final String PVP2_METADATA = "/pvp2/metadata";
- public static final String PVP2_REDIRECT = "/pvp2/redirect";
- public static final String PVP2_POST = "/pvp2/post";
- public static final String PVP2_SOAP = "/pvp2/soap";
- public static final String PVP2_ATTRIBUTEQUERY = "/pvp2/attributequery";
+ public static final String PVP2_IDP_REDIRECT = "/pvp2/redirect";
+ public static final String PVP2_IDP_POST = "/pvp2/post";
+ public static final String PVP2_IDP_SOAP = "/pvp2/soap";
+ public static final String PVP2_IDP_ATTRIBUTEQUERY = "/pvp2/attributequery";
+ public static final String PVP2_SP_REDIRECT = "/pvp2/sp/redirect";
+ public static final String PVP2_SP_POST = "/pvp2/sp/post";
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
@@ -143,22 +143,30 @@ public class PVPConfiguration {
return publicPath;
}
- public String getIDPSSOPostService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_POST;
+ public String getSPSSOPostService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_SP_POST;
}
- public String getIDPSSOSOAPService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_SOAP;
+ public String getSPSSORedirectService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_SP_REDIRECT;
}
- public String getIDPAttributeQueryService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_ATTRIBUTEQUERY;
+ public String getIDPSSOPostService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_IDP_POST;
}
-
+
public String getIDPSSORedirectService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_REDIRECT;
+ return getIDPPublicPath() + PVP2_IDP_REDIRECT;
}
+ public String getIDPSSOSOAPService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_IDP_SOAP;
+ }
+
+ public String getIDPAttributeQueryService() throws ConfigurationException {
+ return getIDPPublicPath() + PVP2_IDP_ATTRIBUTEQUERY;
+ }
+
public String getIDPSSOMetadataService() throws ConfigurationException {
return getIDPPublicPath() + PVP2_METADATA;
}