aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main/resources
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-27 10:08:31 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-27 10:08:31 +0100
commitd23e3745dd4a40196b03f937b9ba8c4ed840a108 (patch)
tree2195fbe110c392728b3009aa545363540a94294e /id/server/modules/moa-id-module-eIDAS/src/main/resources
parent86aa898406f539fd06129360c58c654afc62e904 (diff)
parentf923a89436377f581c6e2ab6637024aa068bf9fb (diff)
downloadmoa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.gz
moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.tar.bz2
moa-id-spss-d23e3745dd4a40196b03f937b9ba8c4ed840a108.zip
Merge tag 'MOA-ID-3.4.2'
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/resources')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder30
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml74
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml17
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map27
5 files changed, 177 insertions, 2 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index 3c11c725d..3a05c47ac 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,7 +1,8 @@
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
@@ -9,3 +10,30 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentat
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
index ad87adb6a..2a147e18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute
@@ -2,9 +2,38 @@ at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrLegalPersonIdentifier
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier \ No newline at end of file
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdTypeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdIssuerAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.IdExpireddateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EHICIDAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.NationalityAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CititzenshipAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.MaritalstateAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CountryOfBirthAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.EMailAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.PhoneAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TemporaryAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentPhotoAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.TaxIdentificationNumberAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteNameAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteIdentifierAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.HomeInstituteAddressAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentLevelOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.FieldOfStudyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.CurrentDegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeAwardingInstituteAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.GraduationYearAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.DegreeCountryAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageProficiencyAttrBuilder
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eid4u.LanguageCertificatesAttrBuilder
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
new file mode 100644
index 000000000..4ab49641f
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/eid4u.Authentication.process.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="eID4UAttributCollectionAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+ <pd:Task id="genericFrontChannelRedirectTask" class="GenericFrontChannelRedirectTask"/>
+
+ <!-- eID4U extensions -->
+ <pd:Task id="collectAddtionalAttributesTask" class="CollectAddtionalAttributesTask" async="true"/>
+ <pd:Task id="receiveConsentForAddtionalAttributesTask" class="ReceiveConsentForAddtionalAttributesTask" async="true"/>
+
+
+
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
+
+ <pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
+
+ <pd:Transition from="getMISMandate" to="userRestrictionTask" />
+ <pd:Transition from="getForeignID" to="userRestrictionTask" />
+
+
+ <pd:Transition from="userRestrictionTask" to="genericFrontChannelRedirectTask" />
+
+ <!-- eID4U tasks for attribute collection -->
+ <pd:Transition from="genericFrontChannelRedirectTask" to="collectAddtionalAttributesTask" />
+
+ <pd:Transition from="collectAddtionalAttributesTask" to="receiveConsentForAddtionalAttributesTask" conditionExpression="ctx['collecteID4UAttr']" />
+ <pd:Transition from="collectAddtionalAttributesTask" to="finalizeAuthentication" conditionExpression="!ctx['collecteID4UAttr']" />
+
+ <pd:Transition from="receiveConsentForAddtionalAttributesTask" to="finalizeAuthentication" />
+
+
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
index 20395f210..da4a2a95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml
@@ -9,9 +9,17 @@
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ <bean id="eID4UAuthProcessImpl"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.AustrianAuthWitheID4UAuthenticationModulImpl">
+ <property name="priority" value="1" />
+ </bean>
+
<bean id="eIDASSignalServlet"
class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/>
+ <bean id="eID4UAPSignalServlet"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.eID4UAPSignalServlet"/>
+
<bean id="EIDASProtocol"
class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/>
@@ -30,5 +38,14 @@
<bean id="CreateIdentityLinkTask"
class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask"
scope="prototype"/>
+
+ <bean id="CollectAddtionalAttributesTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CollectAddtionalAttributesTask"
+ scope="prototype"/>
+
+ <bean id="ReceiveConsentForAddtionalAttributesTask"
+ class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveConsentForAddtionalAttributesTask"
+ scope="prototype"/>
+
</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
new file mode 100644
index 000000000..6a8a28dd4
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/eID4U_TUG_scopes.map
@@ -0,0 +1,27 @@
+ANY@tugraz.idm.attr.Citizenship=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Citizenship
+ANY@tugraz.idm.attr.CityOfBirth=http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth
+ANY@tugraz.idm.attr.CountryOfBirth=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/CountryOfBirth
+ANY@tugraz.idm.attr.CurrentDegreeName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentDegree
+ANY@tugraz.idm.attr.CurrentFieldOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/FieldOfStudy
+ANY@tugraz.idm.attr.CurrentLevelOfStudy=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/CurrentLevelOfStudy
+ANY@tugraz.idm.attr.EmailStud=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/Email
+ANY@tugraz.idm.attr.Gender=http://eidas.europa.eu/attributes/naturalperson/Gender
+ANY@tugraz.idm.attr.HomeInstitutionName=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Name
+ANY@tugraz.idm.attr.HomeInstitutionCountry=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Country
+
+
+ANY@tugraz.idm.attr.HomeInstitutionAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomeInstitutionAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+ANY@tugraz.idm.attr.HomrInstitutionAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/studies/homeinstitution/Address
+
+
+ANY@tugraz.idm.attr.PermanentAddressCity=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressCountryCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressPostalCode=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+ANY@tugraz.idm.attr.PermanentAddressStreet=http://eidas.europa.eu/attributes/naturalperson/CurrentAddress
+
+ANY@tugraz.idm.attr.StudyAddressCity=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressCountryCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressPostalCode=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress
+ANY@tugraz.idm.attr.StudyAddressStreet=http://eidas.europa.eu/attributes/sectorspecific/eid4u/naturalperson/TemporaryAddress \ No newline at end of file