aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-AT_eIDAS_connector/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2020-02-19 13:22:40 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2020-02-19 13:22:40 +0100
commit7c361d450a97b9d79a1da90961fd727d2808f9c8 (patch)
treef09f3e97191e2cbc8b123b4758ccfc8d7c5d736b /id/server/modules/moa-id-module-AT_eIDAS_connector/src
parentb2a4e40dd5fa0af6e8ecb185c2dce95e9a69019b (diff)
downloadmoa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.tar.gz
moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.tar.bz2
moa-id-spss-7c361d450a97b9d79a1da90961fd727d2808f9c8.zip
inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode
Diffstat (limited to 'id/server/modules/moa-id-module-AT_eIDAS_connector/src')
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java22
1 files changed, 20 insertions, 2 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c1229e3ff..d3a2d2840 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
private List<EAAFRequestedAttribute> buildRequestedAttributes() {
List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
+ OAAuthParameterDecorator spConfig =
+ pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+
//build EID sector for identification attribute
Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
attr ,
true,
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ spConfig.getAreaSpecificTargetIdentifier());
attributs.add(reqAttr );
- //TODO: add mandate information if mandates are used!!!!
+ //build MandateProfileAttribute if SEMPER is enabled and mandates are requested
+ if (spConfig.isShowMandateCheckBox()
+ && authConfig.getBasicConfigurationBoolean(
+ EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+ Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request");
+ final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute(
+ ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME);
+ final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
+ attrMandateProfiles, true,
+ StringUtils.join(spConfig.getMandateProfiles(), ","));
+ attributs.add(mandateProfilesReqAttr);
+
+ }
return attributs;
}