authorThomas Lenz <tlenz@iaik.tugraz.at>2013-12-19 07:48:56 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-12-19 07:48:56 +0100
commit6e01fbb21b23d187cdb169ef0be8dfc15fc6638f (patch)
treed4ba735a5bd2f3f8e3e7f66372ccd5eef46e51fb /id/server/idserverlib
parentddd803e73a4519132ce2257c621b54d004f2235f (diff)
parent351f8be591412e124b6d578c1afd3f72f3c25d8f (diff)
merge last changes to exthex.OAuth testrelease
Conflicts: id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java6
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
15 files changed, 135 insertions, 68 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 3cc7c38de..9732f8a63 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.9.96-SNAPSHOT</version>
+ <version>1.9.97-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index af23d4c78..014a9ec03 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1155,7 +1155,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(
xmlCreateXMLSignatureReadResponse).parseResponse();
+
+ Element signature = csresp.getDsigSignature();
+
+
try {
+ String test = DOMUtils.serializeNode(signature);
+
+
String serializedAssertion = DOMUtils.serializeNode(csresp
.getSamlAssertion());
session.setAuthBlock(serializedAssertion);
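Review bot: The new local at `String test = DOMUtils.serializeNode(signature);` is assigned and never read, and `signature` exists only to feed it, so both added lines are debugging leftovers that perform a DOM serialization of the signature on every authentication for no result. Remove both, or if the serialized signature is meant to be kept, store it on the session the way `serializedAssertion` is stored on the following lines. The enclosing try block and its method continue outside the hunk, so check whether a catch clause added for this call also becomes dead once the line goes.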
@@ -1688,37 +1695,36 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param signature XMLDSIG signature
* @return Identity link assertion
* @throws SZRGWClientException
+ * @throws ConfigurationException
*/
- public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException, ConfigurationException {
SZRGWClient client = new SZRGWClient();
- try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
-
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (GeneralSecurityException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (PKIException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- }
- }
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ try {
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+
+ } catch (IOException e) {
+ Logger.error("Could not initialize SSL Factory", e);
+ throw new SZRGWClientException("Could not initialize SSL Factory");
+
+ } catch (GeneralSecurityException e) {
+ Logger.error("Could not initialize SSL Factory", e);
+ throw new SZRGWClientException("Could not initialize SSL Factory");
+
+ } catch (PKIException e) {
+ Logger.error("Could not initialize SSL Factory", e);
+ throw new SZRGWClientException("Could not initialize SSL Factory");
+ }
+ }
+
Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- }
// create request
CreateIdentityLinkResponse response = null;
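Review bot: The three rewritten catch blocks at `throw new SZRGWClientException("Could not initialize SSL Factory");` discard `e`, so the caller (STORKResponseProcessor wraps this into a STORKException) only ever sees the generic message and the original IOException, GeneralSecurityException or PKIException survives only in the log. Pass the cause through, `throw new SZRGWClientException("Could not initialize SSL Factory", e);`, assuming SZRGWClientException offers a cause-taking constructor; since the three handlers are identical, a single handler would then do. Letting ConfigurationException propagate instead of logging and continuing with an unconfigured client is the right direction. getIdentityLink continues past the hunk.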
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index f5d603480..3a308f6da 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -190,9 +190,22 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
- //adding type of wbPK domain identifier
+ //adding type of wbPK domain identifier
+
+ String idtype = oaParam.getIdentityLinkDomainIdentifierType();
+ if (MiscUtil.isEmpty(idtype)) {
+ if (identityLinkType.contains("FN"))
+ idtype = "Firmenbuchnummer";
+ else if (identityLinkType.contains("ZVR"))
+ idtype = "Vereinsnummer";
+ else if (identityLinkType.contains("ERSB"))
+ idtype = "ERJPZahl";
+ else
+ idtype = "Bereichskennung";
+ }
+
ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute =
- new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+ new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", idtype, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
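Review bot: The fallback starting at `if (identityLinkType.contains("FN"))` classifies the domain identifier type by substring, so any type string that merely contains `FN`, `ZVR` or `ERSB` is mapped to that label and everything else silently becomes `Bereichskennung`. Because the value is written into the AuthBlock the citizen signs, a misclassification changes what is being signed; comparing against the defined URN prefix constants (the file already uses `Constants`) with `equals` or `startsWith` is exact, and an unrecognised type should log a warning rather than default silently. The if/else chain also lacks the braces the surrounding code uses. The enclosing method begins outside the hunk.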
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index fd5ff6744..5d94d2f16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -27,8 +27,11 @@ package at.gv.egovernment.moa.id.auth.builder;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
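Review bot: The added imports `MOAIDAuthConstants` and `MOAIDConfiguration` are not referenced by the only other hunk in this file, and the diffstat (12 lines) shows these two hunks are the whole change, so both imports are unused. Drop them; only `Constants` is needed for the new `URN_PREFIX_BASEID` comparison.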
@@ -65,9 +68,12 @@ public class PersonDataBuilder {
try {
Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
- if (! provideStammzahl) {
- Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");
- //remove IdentificationValue
+
+ Node prType = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Type");
+
+ if (! provideStammzahl &&
+ Constants.URN_PREFIX_BASEID.equals(prType.getFirstChild().getNodeValue())) {
+ Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");
prIdentification.getFirstChild().setNodeValue("");
}
String xmlString = DOMUtils.serializeNode(prPerson);
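Review bot: `prType.getFirstChild().getNodeValue()` in the new condition dereferences the result of `selectSingleNode` without a null check, so an identity link without a `pr:Identification/pr:Type` element (or with an empty one) fails with a NullPointerException instead of a BuildException; read it defensively, e.g. `String idType = prType == null || prType.getFirstChild() == null ? null : prType.getFirstChild().getNodeValue();` and compare that. Beyond the crash, the condition is now fail-open: when `provideStammzahl` is false and the type is missing or unexpected, the identification value is passed to the application unblanked, whereas before it was always blanked. Unless every non-baseID type is known to be safe to disclose, blank whenever the type is not positively recognised and log a warning when it is absent. The enclosing method begins before the hunk.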
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index e4bf37417..c616d94b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -36,8 +36,7 @@ public class StartAuthenticationBuilder {
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
// STORK or normal authentication
- //TODO: commented because npe was thrown
- /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ if (storkConfig != null && storkConfig.isSTORKAuthentication(moasession.getCcc())) {
//STORK authentication
Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
Logger.debug("Starting STORK authentication");
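Review bot: With the new `storkConfig != null &&` guard, a request whose `ccc` is not AT presumably falls through to the branch after this `if` (outside the hunk) when no STORK configuration was loaded, so a foreign citizen would be handled by the non-STORK path without any trace in the log. Make the missing configuration visible, e.g. `if (storkConfig == null) Logger.warn("No STORK configuration loaded; STORK authentication disabled for ccc=" + moasession.getCcc());` before the check. The `if` body and the rest of the method continue past the hunk.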
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 98ef78d53..eaa6ac1ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -32,16 +32,16 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
public void init(ServletConfig servletConfig) throws ServletException {
- try {
+// try {
super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
+// MOAIDAuthInitializer.initialize();
+// Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+// }
+// catch (Exception ex) {
+// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+// throw new ServletException(ex);
+// }
}
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
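Review bot: The initialization block from `// try {` down to `// }` is commented out rather than deleted, leaving nine lines of dead code in init(); the same pattern is in LogOutServlet.java, and GetForeignIDServlet.java keeps a commented-out `String test = DOMUtils.serializeNode(signature);` plus a commented-out `TransformerException` handler that would call printStackTrace. Delete the commented code in all three (git keeps the history). If `MOAIDAuthInitializer.initialize()` is now performed by another component, state where in a one-line comment in init(); otherwise this servlet may now run before the configuration is loaded, which the removed fatal log and ServletException used to make visible.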
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 222faec37..07d006bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -156,9 +156,15 @@ public class GetForeignIDServlet extends AuthServlet {
try {
session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+
+ //String test = DOMUtils.serializeNode(signature);
+
} catch (CertificateException e) {
Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
throw new MOAIDException("auth.14", null);
+// } catch (TransformerException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
}
// make SZR request to the identity link
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 9c72cfff2..ff8265ac3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -101,15 +101,15 @@ public class LogOutServlet extends AuthServlet {
* @see javax.servlet.Servlet#init(ServletConfig)
*/
public void init(ServletConfig servletConfig) throws ServletException {
- try {
+// try {
super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
+// MOAIDAuthInitializer.initialize();
+// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+// }
+// catch (Exception ex) {
+// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+// throw new ServletException(ex);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index a87e9a8c0..c0626e84a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -35,6 +35,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -348,9 +349,14 @@ public class STORKResponseProcessor {
} catch (SZRGWClientException e) {
Logger.error("Error connecting SZR-Gateway: ", e);
throw new STORKException("Error connecting SZR-Gateway: ", e);
+
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
+
+ } catch (ConfigurationException e) {
+ Logger.error("Error connecting SZR-Gateway: ", e);
+ throw new STORKException("Error connecting SZR-Gateway: ", e);
}
return identityLink;
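Review bot: The new `catch (ConfigurationException e)` reuses the message `"Error connecting SZR-Gateway: "` of the SZRGWClientException handler, so a missing SZR-Gateway configuration (the `config.20` case that getForeignIDConnectionParameter now raises) is logged and reported as a connection failure. Give it its own text, e.g. `Logger.error("SZR-Gateway is not configured: ", e); throw new STORKException("SZR-Gateway is not configured: ", e);`, so operators look at the configuration rather than the network. The enclosing try and method continue outside the hunk.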
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 29f567324..4507cd236 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -417,24 +417,25 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
public synchronized void reloadDataBaseConfig() throws ConfigurationException {
- Logger.info("Read MOA-ID 2.0 configuration from database.");
+ Logger.info("Read MOA-ID 2.x configuration from database.");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
- Logger.info("MOA-ID 2.0 is loaded.");
if (moaidconfig == null) {
Logger.warn("NO MOA-ID configuration found.");
throw new ConfigurationException("config.18", null);
}
-
+
+ Logger.debug("MOA-ID 2.x configuration is loaded from database.");
+ Logger.info("MOA-ID 2.x starts initialization process ...");
+
//build STORK Config
AuthComponentGeneral auth = getAuthComponentGeneral();
+
ForeignIdentities foreign = auth.getForeignIdentities();
if (foreign == null ) {
Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
- }
- //TODO: commented because npe was thrown
- //else
+ } //else
//storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
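Review bot: The `} //else` left on the closing brace, together with the still commented-out `//storkconfig = new STORKConfig(...)` line, means the STORK configuration is never built here even when `foreign` is present, so the only outcome of this block is the warning. If that field is what StartAuthenticationBuilder now tests with `storkConfig != null`, this commit leaves STORK effectively disabled without saying so. Either restore the else branch or replace the dangling comment with an explicit statement, e.g. `// STORK configuration is intentionally not built here: <reason>`, and log at warn level that STORK is unavailable. The method continues past the hunk.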
@@ -786,6 +787,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
* @throws ConfigurationException
*/
public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
+ if (ForeignIDConnectionParameter == null)
+ throw new ConfigurationException("config.20", null);
+
return ForeignIDConnectionParameter;
}
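Review bot: The new null check `if (ForeignIDConnectionParameter == null)` is unbraced while the other `if` blocks in this file are braced; write it as `if (ForeignIDConnectionParameter == null) { throw new ConfigurationException("config.20", null); }`. The field name is UpperCamelCase and reads as a type, but renaming it is outside this hunk. Failing with a configuration error instead of handing a null to the SZRGW client is the right behaviour.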
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 7130089ae..c8f14585a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -262,7 +262,7 @@ public class DispatcherServlet extends AuthServlet{
for (String el : mapkeys) {
IRequest value = protocolRequests.get(el);
- if (value.getOAURL().equals(protocolRequest.getOAURL())) {
+ if (value.getOAURL() != null && value.getOAURL().equals(protocolRequest.getOAURL())) {
if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
@@ -423,9 +423,6 @@ public class DispatcherServlet extends AuthServlet{
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
}
-
-
-
}
String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 5e8206739..f21567245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -21,6 +21,7 @@ import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
@@ -42,6 +43,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
@@ -293,7 +295,16 @@ public class PVP2AssertionBuilder implements PVPConstants {
.createSAMLObject(SubjectConfirmationData.class);
subjectConfirmationData.setInResponseTo(authnRequest.getID());
subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
- subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+
+ //TL: change from entityID to destination URL
+ AssertionConsumerService consumerService = spSSODescriptor
+ .getAssertionConsumerServices().get(idx);
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(idx);
+ }
+
+ subjectConfirmationData.setRecipient(consumerService.getLocation());
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
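Review bot: `spSSODescriptor.getAssertionConsumerServices().get(idx)` never returns null — `List.get` throws IndexOutOfBoundsException for an out-of-range index — so the `consumerService == null` check cannot fire and InvalidAssertionConsumerServiceException is unreachable for a bad index. Guard the index instead, `if (idx < 0 || idx >= spSSODescriptor.getAssertionConsumerServices().size()) { throw new InvalidAssertionConsumerServiceException(idx); }` before the get. Where `idx` comes from is outside the hunk; if it is derived from the AuthnRequest, this bound check is what keeps a malformed request from surfacing as an unhandled runtime exception. Setting Recipient to the ACS location rather than the entityID is the right change.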
@@ -303,7 +314,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
AudienceRestriction audienceRestriction = SAML2Utils
.createSAMLObject(AudienceRestriction.class);
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-
+
audience.setAudienceURI(peerEntity.getEntityID());
audienceRestriction.getAudiences().add(audience);
conditions.setNotBefore(new DateTime());
@@ -316,8 +327,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setConditions(conditions);
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ //TODO: check!
+ //change to entity value from entity name to IDP EntityID (URL)
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
issuer.setFormat(NameID.ENTITY);
+
assertion.setIssuer(issuer);
assertion.setSubject(subject);
assertion.setID(SAML2Utils.getSecureIdentifier());
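Review bot: The `//TODO: check!` above `issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());` leaves open whether the new Issuer value equals the IdP entityID that relying parties hold in their metadata; SAML 2.0 requires Issuer to be the IdP entityID, and a mismatch makes every SP reject the assertion. Resolve the TODO before the release and replace it with the reason, e.g. `// Issuer must equal the IdP entityID published in metadata (the public URL), not the display name`, or revert. The same TODO, plus the old line left as `//nissuer.setValue(...)`, appears in AuthnRequestHandler.java, where the Response Issuer must match the Assertion Issuer.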
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 1d494c512..fec21df9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,8 +1,11 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+import java.util.Date;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
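Review bot: `import java.util.Date;` is added but not used — the new IssueInstant in the second hunk is set with `new DateTime()` from org.joda.time, and the diffstat (14 lines) shows these two hunks are the whole change. Drop the Date import.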
@@ -51,10 +54,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+
+ //TODO: check!
+ //change to entity value from entity name to IDP EntityID (URL)
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ //nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
nissuer.setFormat(NameID.ENTITY);
+
authResponse.setIssuer(nissuer);
authResponse.setInResponseTo(authnRequest.getID());
+
+ //SAML2 response required IssueInstant
+ authResponse.setIssueInstant(new DateTime());
+
authResponse.getAssertions().add(assertion);
authResponse.setStatus(SAML2Utils.getSuccessStatus());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index e9d41b7ee..e85d87aa3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -91,10 +91,12 @@ public class MetadataSignatureFilter implements MetadataFilter {
throw new MOAIDException("Root element of metadata file has to be signed", null);
}
processEntitiesDescriptor(entitiesDescriptor);
- } /*else if (metadata instanceof EntityDescriptor) {
+
+ } else if (metadata instanceof EntityDescriptor) {
EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);
- } */else {
+
+ } else {
throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
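Review bot: The else branch still reports `"Invalid Metadata file Root element is no EntitiesDescriptor"` although a single EntityDescriptor root is now accepted, so the message is stale; use something like `"Invalid Metadata file: root element is neither EntitiesDescriptor nor EntityDescriptor"`. The EntitiesDescriptor path above enforces that the root is signed (`"Root element of metadata file has to be signed"`); the newly enabled EntityDescriptor path delegates to `processEntityDescriptorr` (outside the hunk, and apparently misspelled), and it should be confirmed that this path applies the same signature requirement, otherwise unsigned single-entity metadata would be accepted.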
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 37e35b6ce..78a1206c0 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -66,7 +66,8 @@ config.15=Das Personenbindungs-Trust-Profil (TrustProfileID \= {0}) darf nicht f
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
-config.19=Kein Schl?ssel f\u00FCr die Resignierung der Personenbindung gefunden.
+config.19=Kein Schl?ssel f\u00FCr die Resignierung der Personenbindung gefunden.
+config.20=SZR-Gateway ist nicht konfiguriert. Anmeldung f\u00FCr ausl\u00E4ndische Personen nicht m\u00F6glich.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
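Review bot: The re-added `config.19` line keeps `Schl?ssel`, where the umlaut was already lost to a mis-encoded character, while the same line and the new `config.20` escape their umlauts as `\u00FC`; write it as `Schl\u00FCssel` so the message renders correctly. The new config.20 text matches the new ConfigurationException raised in getForeignIDConnectionParameter.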