send a saml assertion to the demo node

4 files changed, 117 insertions, 15 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6483656ec..159728e92 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,9 +22,17 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.Security;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.commons.IPersonalAttributeList;
@@ -45,6 +53,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -76,22 +85,29 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			//load MOASession object and OA-configuration
 			AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-			
-			
-			//build eIDAS AuthnRequest
-			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+
+			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
 			IPersonalAttributeList pAttList = new PersonalAttributeList();
 			
 			//create template requested attribute
 			//TODO: load required attributes from OA configuration
 			PersonalAttribute attr = new PersonalAttribute();
-		
+			attr.setName("eidas/attributes/CurrentFamilyName");
+
 			pAttList.add(attr);
-			
-		
-			
-			EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
-            engine.initRequestedAttributes(pAttList);
+
+			//build eIDAS AuthnRequest
+			EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+			String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ServiceProvider";
+			authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+			String providerName = "sp3fr-moa";
+			authnRequest.setProviderName(providerName);
+			int qaaLevel = 1;
+			authnRequest.setQaa(qaaLevel);
+			authnRequest.setPersonalAttributeList(pAttList);
+
+			engine.initRequestedAttributes(pAttList);
 			authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
 			
 			//encode AuthnRequest
@@ -100,8 +116,38 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			
 			//send
-			
-			
+	        try {
+	            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+	            Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm");
+	            VelocityContext context = new VelocityContext();
+
+	            String actionType = "SAMLRequest";
+	            context.put(actionType, SAMLRequest);
+	            Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
+
+	            Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+	            context.put("action", assertionConsumerURL);
+
+	            Logger.debug("Starting template merge");
+	            StringWriter writer = new StringWriter();
+
+	            Logger.debug("Doing template merge");
+	            template.merge(context, writer);
+	            Logger.debug("Template merge done");
+
+	            Logger.debug("Sending html content: " + writer.getBuffer().toString());
+
+	            response.setContentType("text/html;charset=UTF-8");
+	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+	        } catch (IOException e) {
+	            Logger.error("Velocity IO error: " + e.getMessage());
+	            throw new MOAIDException("stork.15", null); // TODO
+	        } catch (Exception e) {
+	            Logger.error("Velocity general error: " + e.getMessage());
+	            throw new MOAIDException("stork.15", null); // TODO
+	        }
+
 		}catch (EIDASSAMLEngineException e){
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..8fdb40065
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
+
+			System.out.println(request.getContentLength());
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index fe1974b4d..09f10a7ef 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -2,15 +2,15 @@
 <pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
 
 
-	<pd:Task id="createAuthnRequest" 							 		 class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
-	<pd:Task id="finalizeAuthentication" 							 class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
+	<pd:Task id="receiveAuthnResponse" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" async="true" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
 	
 	<pd:Transition from="start" to="createAuthnRequest" />
 	
-	<pd:Transition from="createAuthnRequest" to="finalizeAuthentication" />
+	<pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+	<pd:Transition from="receiveAuthnResponse" to="finalizeAuthentication" />
 	
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
new file mode 100644
index 000000000..8beb601c6
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
@@ -0,0 +1,38 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Contains target attribute to delegate PEPS authentication out of iFrame
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post" target="_top">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        
+    </body>
+</html>
\ No newline at end of file