diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-08-16 07:08:26 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-08-16 07:08:26 +0200 |
commit | a60b99e926ccd5c18baa36144922a94835819777 (patch) | |
tree | ab19e4609c2e4e8b1cd8d449c3ad83a8665fe355 /id/server/modules/moa-id-module-eIDAS/src/main | |
parent | a9c3d654ebd5af475c1fb634d4fb03d8499218ee (diff) | |
download | moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.tar.gz moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.tar.bz2 moa-id-spss-a60b99e926ccd5c18baa36144922a94835819777.zip |
change STORK QAA to eIDAS LoA
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main')
3 files changed, 20 insertions, 23 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index eb32d1d12..7664eec86 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -78,7 +78,9 @@ public class Constants { public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; - public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; //http endpoint descriptions public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post"; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index ee71e8e6b..a3fd51c4c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -94,23 +94,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //get service-provider configuration IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); - // get target country + // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); if (StringUtils.isEmpty(citizenCountryCode)) { // illegal state; task should not have been executed without a selected country throw new AuthenticationException("eIDAS.03", new Object[] { "" }); + } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode}); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); } Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); + + + // select SingleSignOnService Endpoint from eIDAS-node metadata String destination = null; String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim(); - try { EntityDescriptor eIDASNodeMetadata = eIDASMetadataProvider.getEntityDescriptor(metadataUrl); if (eIDASNodeMetadata != null) { @@ -129,10 +131,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { Logger.warn("Load eIDAS metadata from node:" + metadataUrl + " FAILED with an error.", e); } - - + + // load SingleSignOnService Endpoint from configuration, if Metadata contains no information + // FIXME convenience function for not standard conform metadata if (MiscUtil.isEmpty(destination)) { - destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination + destination = cpeps.getPepsURL().toString().split(";")[1].trim(); if (MiscUtil.isNotEmpty(destination)) Logger.debug("Use eIDAS node destination URL:" + destination + " from configuration"); @@ -189,11 +192,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA; authnRequestBuilder.issuer(issur); authnRequestBuilder.destination(destination); + + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + //set minimum required eIDAS LoA from OA config + authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel())); authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM); - authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); - //TODO: load from OA-Configuration - authnRequestBuilder.levelOfAssurance(LevelOfAssurance.LOW); //set correct SPType for this online application if (oaConfig.getBusinessService()) @@ -202,8 +206,9 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { authnRequestBuilder.spType(SpType.PUBLIC); - //TODO: make it loadable from config - authnRequestBuilder.serviceProviderCountryCode("AT"); + //set service provider (eIDAS node) countryCode + authnRequestBuilder.serviceProviderCountryCode( + authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index cb91d5fa3..9fab58f94 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -350,17 +350,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { eIDASRespBuilder.statusMessage(e.getMessage()); } - - if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) { - String assertionConsumerUrl = MetadataUtil.getAssertionConsumerUrlFromMetadata( - SAMLEngineUtils.getMetadataFetcher(), - SAMLEngineUtils.getMetadataSigner(), - eidasReq.getEidasRequest()); - - //TODO: set AssertionConsumerService is required? - - } - + eIDASRespBuilder.id(eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils.generateNCName()); eIDASRespBuilder.inResponseTo(eidasReq.getEidasRequest().getId()); |