aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-01-27 06:37:32 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-01-27 06:37:32 +0100
commit86cbb2b42468b71cc9c04785d075260cf80fbb9f (patch)
tree5be3fd3ed75d7866549bb64ba3091633f95652d2 /id/server/idserverlib/src/main/java/at
parent73edf1fc83172503cc7560fbe334d305c440273d (diff)
parent9119e437168592b1bc49a434b59c13a88fc0b2ae (diff)
downloadmoa-id-spss-86cbb2b42468b71cc9c04785d075260cf80fbb9f.tar.gz
moa-id-spss-86cbb2b42468b71cc9c04785d075260cf80fbb9f.tar.bz2
moa-id-spss-86cbb2b42468b71cc9c04785d075260cf80fbb9f.zip
Merge branch 'moa-id-3.0.0-snapshot' into moa-id-3.2_(OPB)
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java7
4 files changed, 36 insertions, 8 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
index 38135b028..9812f346d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
@@ -65,7 +65,7 @@ public class AuthConfigurationProviderFactory {
instance = new PropertyBasedAuthConfigurationProvider(fileURI);
} catch (URISyntaxException e){
- Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.");
+ Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e);
throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, fileName});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 6ed3f0eb5..ee5685e5f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -623,10 +623,25 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
AssertionConsumerService consumerService = null;
if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
- //use AssertionConsumerServiceURL from request
- consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- consumerService.setBinding(authnRequest.getProtocolBinding());
- consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());
+ //use AssertionConsumerServiceURL from request
+
+ //check requested AssertionConsumingService URL against metadata
+ List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
+ for (AssertionConsumerService service : metadataAssertionServiceList) {
+ if (authnRequest.getProtocolBinding().equals(service.getBinding())
+ && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
+ consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ consumerService.setBinding(authnRequest.getProtocolBinding());
+ consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());
+ Logger.debug("Requested AssertionConsumerServiceURL is valid.");
+ }
+ }
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
+
+ }
+
} else {
//use AssertionConsumerServiceIndex and select consumerService from metadata
@@ -645,9 +660,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
if (consumerService == null) {
throw new InvalidAssertionConsumerServiceException(aIdx);
- }
+ }
}
+
//select AttributeConsumingService from request
AttributeConsumingService attributeConsumer = null;
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
index 94a4e8226..392569366 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -34,6 +34,15 @@ public class InvalidAssertionConsumerServiceException extends PVP2Exception {
/**
*
*/
+ public InvalidAssertionConsumerServiceException(String wrongURL) {
+ super("pvp2.23", new Object[]{wrongURL});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+
+ }
+
+ /**
+ *
+ */
private static final long serialVersionUID = 7861790149343943091L;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
index 31e960d59..f62410656 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
@@ -92,7 +92,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
throw e;
}
- Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + context.getInboundMessageIssuer());
+ Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
throw e;
@@ -139,8 +139,10 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
throw new SecurityPolicyException("Signature validation FAILED.");
}
+ Logger.debug("PVP AuthnRequest signature valid.");
+
} catch (org.opensaml.xml.security.SecurityException e) {
- Logger.warn("PVP2x message signature validation FAILED.", e);
+ Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
throw new SecurityPolicyException("Signature validation FAILED.");
}
@@ -149,6 +151,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit
throw new SecurityPolicyException("Request is not signed.");
}
+
}
private void performSchemaValidation(Element source) throws SchemaValidationException {