diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-02-27 10:08:31 +0100 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-02-27 10:08:31 +0100 |
| commit | d23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch) | |
| tree | 2195fbe110c392728b3009aa545363540a94294e /id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml | |
| parent | 86aa898406f539fd06129360c58c654afc62e904 (diff) | |
| parent | f923a89436377f581c6e2ab6637024aa068bf9fb (diff) | |
| download | moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.gz moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.bz2 moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.zip | |
Merge tag 'MOA-ID-3.4.2'
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml')
| -rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml new file mode 100644 index 000000000..4ab49641f --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml @@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + +<!-- + - National authentication with Austrian Citizen Card and mobile signature with our without mandate. + - Legacy authentication for foreign citizens using MOCCA supported signature cards. +--> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" /> + <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" /> + <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/> + + <!-- eID4U extensions --> + <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/> + <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/> + + + + + <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="initializeBKUAuthentication" /> + + <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" /> + + <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" /> + + <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" /> + <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" /> + + <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" /> + <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. --> + + <pd:Transition from="certificateReadRequest" to="verifyCertificate" /> + <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. --> + + <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyCertificate" to="getForeignID" /> + + <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> + + <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> + + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + + <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" /> + + <!-- eID4U tasks for attribute collection --> + <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" /> + + <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" /> + <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" /> + + <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" /> + + + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> |