aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-22 14:43:22 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-22 14:43:22 +0100
commitb29150526d95af2f1c30f4543c88d35c2965dfe6 (patch)
treed4b36d3fc6c7683b8646c9414ed2f11697047b51 /id/server/idserverlib/src/main
parent99e249a0f292bda3def5e5fbb4cc641c6dbbe26f (diff)
downloadmoa-id-spss-b29150526d95af2f1c30f4543c88d35c2965dfe6.tar.gz
moa-id-spss-b29150526d95af2f1c30f4543c88d35c2965dfe6.tar.bz2
moa-id-spss-b29150526d95af2f1c30f4543c88d35c2965dfe6.zip
add revisionslog info's to eIDAS and SLO methods
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java15
6 files changed, 113 insertions, 31 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 054543c3e..9d26cc05f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -47,7 +47,12 @@ public interface MOAIDEventConstants extends EventConstants {
public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201;
public static final int AUTHPROTOCOL_SAML1_AUTHNREQUEST = 3300;
-
+
+ public static final int AUTHPROCESS_IDP_SLO_REQUESTED = 4400;
+ public static final int AUTHPROCESS_SLO_STARTED = 4401;
+ public static final int AUTHPROCESS_SLO_ALL_VALID = 4402;
+ public static final int AUTHPROCESS_SLO_NOT_ALL_VALID = 4403;
+
//authentication process information
public static final int AUTHPROCESS_START = 4000;
public static final int AUTHPROCESS_FINISHED = 4001;
@@ -78,9 +83,11 @@ public interface MOAIDEventConstants extends EventConstants {
public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301;
public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302;
- public static final int AUTHPROCESS_PEPS_REQUESTED = 4400;
- public static final int AUTHPROCESS_PEPS_RECEIVED = 4401;
- public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402;
+ public static final int AUTHPROCESS_PEPS_SELECTED = 6100;
+ public static final int AUTHPROCESS_PEPS_REQUESTED = 6101;
+ public static final int AUTHPROCESS_PEPS_RECEIVED = 6102;
+ public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103;
+ public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104;
//person information
public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 6fa07a098..4a5cbd55f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -75,18 +75,26 @@ public class MOAReversionLogger {
MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
-
+
+ MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED,
+ MOAIDEventConstants.AUTHPROCESS_SLO_STARTED,
+ MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID,
+ MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID,
+
MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED,
MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED,
MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP,
- MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
- MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR,
MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
+ MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
+ MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+
MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED,
MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT,
MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
index 18ffc5c6d..38f6948d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
@@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.data;
import java.util.Iterator;
import java.util.List;
-import java.util.Set;
import java.util.Map.Entry;
+import java.util.Set;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
@@ -63,5 +63,8 @@ public interface ISLOInformationContainer {
List<String> getSloFailedOAs();
void putFailedOA(String oaID);
-
+
+ public String getTransactionID();
+
+ public String getSessionID();
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index fd1749129..20588ad0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -44,6 +44,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
private List<String> sloFailedOAs = null;
+ private String transactionID = null;
+ private String sessionID = null;
/**
*
@@ -146,6 +148,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
@Override
public void setSloRequest(PVPTargetConfiguration sloRequest) {
this.sloRequest = sloRequest;
+
}
/* (non-Javadoc)
@@ -164,5 +167,37 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
if (sloFailedOAs == null)
sloFailedOAs = new ArrayList<String>();
sloFailedOAs.add(oaID);
- }
+ }
+
+
+ /**
+ * @return the transactionID
+ */
+ public String getTransactionID() {
+ return transactionID;
+ }
+
+
+ /**
+ * @param transactionID the transactionID to set
+ */
+ public void setTransactionID(String transactionID) {
+ this.transactionID = transactionID;
+ }
+
+ public String getSessionID() {
+ return this.sessionID;
+
+ }
+
+
+ /**
+ * @param sessionID the sessionID to set
+ */
+ public void setSessionID(String sessionID) {
+ this.sessionID = sessionID;
+ }
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 1e064f24f..a1f2c6558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -443,6 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
+ String uniqueSessionIdentifier = "notSet";
+ String uniqueTransactionIdentifier = "notSet";
Logger.debug("Start technical Single LogOut process ... ");
@@ -451,14 +453,33 @@ public class AuthenticationManager extends MOAIDAuthConstants {
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
pvpSLOIssuer = logOutReq.getIssuer().getValue();
inboundRelayState = samlReq.getRelayState();
+ uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
+ uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
+ } else {
+ AuthenticationSessionExtensions sessionExt;
+ try {
+ sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+ if (sessionExt != null)
+ uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e);
+
+ }
+ uniqueTransactionIdentifier = Random.nextLongRandom();
+ revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED);
+
}
//store active OAs to SLOContaine
List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
- SLOInformationContainer sloContainer = new SLOInformationContainer();
- sloContainer.setSloRequest(pvpReq);
+ SLOInformationContainer sloContainer = new SLOInformationContainer();
+ sloContainer.setTransactionID(uniqueTransactionIdentifier);
+ sloContainer.setSessionID(uniqueSessionIdentifier);
+ sloContainer.setSloRequest(pvpReq);
+
sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
@@ -468,19 +489,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
+ " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
//terminate MOASession
- try {
- String uniqueSessionIdentifier = "notSet";
- AuthenticationSessionExtensions sessionExt =
- authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
- if (sessionExt != null)
- uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
-
+ try {
authenticatedSessionStore.destroySession(session.getSessionID());
ssoManager.deleteSSOSessionID(httpReq, httpResp);
- if (pvpReq != null)
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier());
- else
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
Logger.debug("Active SSO Session on IDP is remove.");
@@ -490,8 +502,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
- Logger.trace("Starting Service-Provider logout process ... ");
- //start service provider back channel logout process
+ Logger.trace("Starting Service-Provider logout process ... ");
+ revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);
+ //start service provider back channel logout process
Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
while (nextOAInterator.hasNext()) {
SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
@@ -592,13 +605,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {
null);
if (sloContainer.getSloFailedOAs() == null ||
- sloContainer.getSloFailedOAs().size() == 0)
+ sloContainer.getSloFailedOAs().size() == 0) {
+ revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
config.putCustomParameter("successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
- else
+
+ } else {
+ revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
config.putCustomParameter("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-
+
+ }
guiBuilder.build(httpResp, config, "Single-LogOut GUI");
}
@@ -615,6 +632,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+
+ revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
}else {
//print SLO information directly
@@ -623,6 +642,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT,
null);
+ revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
config.putCustomParameter("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index dfe9ecb49..af6c79140 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -41,6 +41,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -80,6 +82,7 @@ public class SingleLogOutAction implements IAction {
@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@Autowired private ITransactionStorage transactionStorage;
@Autowired private SingleLogOutBuilder sloBuilder;
+ @Autowired private MOAReversionLogger revisionsLogger;
/* (non-Javadoc)
@@ -240,11 +243,17 @@ public class SingleLogOutAction implements IAction {
String statusCode = null;
if (sloContainer.getSloFailedOAs() == null ||
- sloContainer.getSloFailedOAs().size() == 0)
+ sloContainer.getSloFailedOAs().size() == 0) {
statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
- else
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
+ MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+
+ } else {
+ revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
+ MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
-
+
+ }
transactionStorage.put(artifact, statusCode);
redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);