aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-11-04 10:43:51 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-11-04 10:43:51 +0100
commit99b46131e3ef3753af9f1d17516cf900fd095b4d (patch)
tree7ef74f13c1b7c63fcc1c374272de2ede67b0ad4e /id/server/idserverlib
parent6f70c39d276b3758da06e3121208e2f1ed0009a3 (diff)
downloadmoa-id-spss-99b46131e3ef3753af9f1d17516cf900fd095b4d.tar.gz
moa-id-spss-99b46131e3ef3753af9f1d17516cf900fd095b4d.tar.bz2
moa-id-spss-99b46131e3ef3753af9f1d17516cf900fd095b4d.zip
add STORK-QAA to PVP SecClass mapping
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java22
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties10
4 files changed, 82 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 52488c3cb..7aa4cd1f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -536,7 +536,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
} else {
Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
- String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
if (MiscUtil.isNotEmpty(mappedQAA))
authData.setQAALevel(mappedQAA);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index dab89b7c3..333bd35f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -77,6 +77,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
@@ -87,9 +88,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -381,6 +384,7 @@ public class AuthenticationManager extends AuthServlet {
//get IDP metadata
try {
OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ OAAuthParameter sp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getOAURL());
if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
@@ -389,7 +393,7 @@ public class AuthenticationManager extends AuthServlet {
return;
}
-
+
EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
getEntityDescriptor(target.getRequestedIDP());
@@ -409,7 +413,7 @@ public class AuthenticationManager extends AuthServlet {
redirectEndpoint == null )
redirectEndpoint = sss;
}
-
+
if (redirectEndpoint != null) {
AuthnRequest authReq = SAML2Utils
@@ -440,13 +444,55 @@ public class AuthenticationManager extends AuthServlet {
SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ if (sp != null && sp.isSTORKPVPGateway()){
+ //use PVP SecClass instead of STORK QAA level
+ String secClass = null;
+ if (target instanceof MOASTORKRequest) {
+
+ try {
+ MOASTORKRequest storkReq = (MOASTORKRequest) target;
+ secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
+ PVPConstants.STORK_QAA_PREFIX + storkReq.getStorkAuthnRequest().getQaa());
+
+ } catch (Exception e) {
+ Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
+
+ }
+ }
+
+ if (MiscUtil.isNotEmpty(secClass))
+ authnClassRef.setAuthnContextClassRef(secClass);
+ else
+ authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3");
+
+ } else {
+ if (target instanceof MOASTORKRequest) {
+ //use requested QAA level from STORK request
+ try {
+ MOASTORKRequest storkReq = (MOASTORKRequest) target;
+ authnClassRef.setAuthnContextClassRef(
+ PVPConstants.STORK_QAA_PREFIX + storkReq.getStorkAuthnRequest().getQaa());
+ Logger.debug("Use STORK-QAA level " + authnClassRef.getAuthnContextClassRef()
+ + " from STORK request");
+
+ } catch (Exception e) {
+ Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
+
+ }
+
+ }
+
+ if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef()))
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ }
+
reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
authReq.setRequestedAuthnContext(reqAuthContext);
-
-
+
IEncoder binding = null;
if (redirectEndpoint.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
index 0ea03e29d..fe3b780fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class PVPtoSTORKMapper {
private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+ private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
private static final String MAPPING_RESOURCE =
"resources/properties/pvp-stork_mapping.properties";
@@ -67,12 +68,31 @@ public class PVPtoSTORKMapper {
}
+ /**Map a STORK QAA level to PVP SecClass
+ *
+ * @param STORK-QAA level
+ * @return PVP SecClass pvpQAALevel
+ */
+ public String mapToSecClass(String storkQAALevel) {
+ if (mapping != null) {
+ String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());
+ String mappedQAA = mapping.getProperty(input);
+ if (MiscUtil.isNotEmpty(mappedQAA)) {
+ Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+ return mappedQAA;
+
+ }
+ }
+ Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+ return null;
+ }
+
/**Map a PVP SecClass to STORK QAA level
*
* @param PVP SecClass pvpQAALevel
* @return STORK-QAA level
*/
- public String mapQAALevel(String pvpQAALevel) {
+ public String mapToQAALevel(String pvpQAALevel) {
if (mapping != null) {
String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());
String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
index 63745f826..1a8d8db58 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_mapping.properties
@@ -2,8 +2,14 @@
viewer=CIRCABC/viewer
CIRCABC-viewer=CIRCABC/viewer
-##PVP SecClass mapping
+##PVP SecClass to STORK-QAA mapping
secclass/0=http://www.stork.gov.eu/1.0/citizenQAALevel/1
secclass/0-1=http://www.stork.gov.eu/1.0/citizenQAALevel/2
secclass/0-2=http://www.stork.gov.eu/1.0/citizenQAALevel/3
-secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4 \ No newline at end of file
+secclass/0-3=http://www.stork.gov.eu/1.0/citizenQAALevel/4
+
+##STORK-QAA to PVP SecClass mapping
+citizenQAALevel/1=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0
+citizenQAALevel/2=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-1
+citizenQAALevel/3=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-2
+citizenQAALevel/4=http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 \ No newline at end of file