aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-elga_mandate_service/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-05-10 15:50:52 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-05-10 15:50:52 +0200
commitaa4f6b8a17400e6ebbe83d92e26b25413deb9aa1 (patch)
tree0798f107e13d8a8546c1b15c6432e5360a656e92 /id/server/modules/moa-id-module-elga_mandate_service/src
parent576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (diff)
parentc3e07d7fb87b2d132ffc838e4878b9479da361a7 (diff)
downloadmoa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.gz
moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.tar.bz2
moa-id-spss-aa4f6b8a17400e6ebbe83d92e26b25413deb9aa1.zip
Update to MOA-SPSS 3.0.0-RC1
Merge branch 'moa-id-3.2_(OPB)' into moa-id_with_moa-sig_and_eccelerate Conflicts: id/moa-spss-container/pom.xml pom.xml
Diffstat (limited to 'id/server/modules/moa-id-module-elga_mandate_service/src')
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java9
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java25
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java28
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java100
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java6
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java144
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java126
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java51
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java50
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java95
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java61
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java59
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml19
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml10
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html76
17 files changed, 650 insertions, 213 deletions
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index b50d1cf4e..7ca4590bb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -44,6 +44,8 @@ public class ELGAMandatesAuthConstants {
public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect";
public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata";
+ public static final String TEMPLATE_MANDATE_SERVICE_SELECTION = "/mandate-service-selection.html";
+
//configuration properties
public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate.";
@@ -96,6 +98,13 @@ public class ELGAMandatesAuthConstants {
public static final String CONFIG_DEFAULT_QAA_STORK_LEVEL = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
public static final String CONFIG_DEFAULT_QAA_SECCLASS_LEVEL = "http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE = "rc";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI = "http://egiz.gv.at/namespace/subjectconformationdate/elga";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_ROOT = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":Representative";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":FamilyName";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":GivenName";
+ public static final String SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":DateOfBirth";
+
public static List<String> getRequiredAttributeNames() {
List<String> list = new ArrayList<String>();
for (Pair<String, String> el : REQUIRED_PVP_ATTRIBUTES)
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index 7f7af704c..c2efe5bfc 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -23,7 +23,12 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates;
*/
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* This authentication module extens the default citizen
@@ -33,6 +38,8 @@ import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModu
*/
public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
+ @Autowired private AuthConfiguration authConfig;
+
private int priority = 0;
/* (non-Javadoc)
@@ -42,13 +49,23 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl
public int getPriority() {
return priority;
}
-
+
@Override
- public String getProcessName() {
- return "DefaultAuthenticationWithELGAMandates";
+ public String selectProcess(ExecutionContext context) {
+ String selectedProcessID = super.selectProcess(context);
+
+ //check if BKU authentication is selected and ELGA-MandateService is configurated
+ if (MiscUtil.isNotEmpty(selectedProcessID)) {
+ if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(
+ ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID)))
+ return "DefaultAuthenticationWithELGAMandates";
+
+ }
+
+ return selectedProcessID;
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
*/
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index a64fc8bf7..5743590f9 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -35,7 +35,7 @@ import org.opensaml.xml.security.credential.Credential;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
@@ -223,7 +223,8 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
*/
@Override
public String getSPSLOPostBindingURL() {
- return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+ //return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+ return null;
}
/* (non-Javadoc)
@@ -231,7 +232,8 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
*/
@Override
public String getSPSLORedirectBindingURL() {
- return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+ //return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+ return null;
}
/* (non-Javadoc)
@@ -288,4 +290,24 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
public String getSPNameForLogging() {
return ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING;
}
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+ */
+ @Override
+ public boolean wantAssertionSigned() {
+ return true;
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+ */
+ @Override
+ public boolean wantAuthnRequestSigned() {
+ return true;
+
+ }
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 320c4fdc6..b67d263fc 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -22,13 +22,26 @@
*/
package at.gv.egovernment.moa.id.auth.modules.elgamandates.config;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.Configuration;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -36,14 +49,15 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderCo
*/
public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
- private boolean isPassive;
- private String SPEntityID;
- private String QAA_Level;
- private EntityDescriptor idpEntity;
- private Credential signCred;
- private String subjectNameID;
- private String subjectNameIDQualifier;
- private String requestID;
+ private boolean isPassive = false;
+ private String SPEntityID = null;
+ private String QAA_Level = null;
+ private EntityDescriptor idpEntity = null;
+ private Credential signCred = null;
+ private String subjectNameID = null;
+ private String subjectNameIDQualifier = null;
+ private String requestID = null;
+ private Element subjectConformationDate = null;
/* (non-Javadoc)
@@ -216,8 +230,74 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
public void setSubjectNameIDQualifier(String subjectNameIDQualifier) {
this.subjectNameIDQualifier = subjectNameIDQualifier;
}
-
-
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+ */
+ @Override
+ public String getSubjectConformationMethode() {
+ return SubjectConfirmation.METHOD_BEARER;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+ */
+ @Override
+ public Element getSubjectConformationDate() {
+ return subjectConformationDate;
+ }
+
+ /**
+ * @param subjectConformationDate the subjectConformationDate to set
+ */
+ public void setSubjectConformationDate(String givenName, String familyName, String dateOfBirth) {
+ try {
+ Logger.trace("Build 'SubjectConfirmationData' for ELGA Mandate-Service request ...");
+ //build empty 'SubjectConfirmationData' element
+ SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ DocumentBuilder builder = dbf.newDocumentBuilder();
+ Document doc = builder.newDocument();
+
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(subjectConformDate);
+ out.marshall(subjectConformDate, doc);
+
+ //build root element for personal information
+ Element rootDom = doc.createElementNS(
+ ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI,
+ ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_ROOT);
+ rootDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+ rootDom.setAttributeNS("http://www.w3.org/2000/xmlns/",
+ "xmlns:" + ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE,
+ ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI);
+
+ //build personal information
+ Element familyNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME);
+ Element givenNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME);
+ Element dateOfBirthDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH);
+ familyNameDom.setTextContent(familyName);
+ givenNameDom.setTextContent(givenName);
+ dateOfBirthDom.setTextContent(dateOfBirth);
+
+ //add personal information to 'SubjectConfirmationData' element
+ doc.getFirstChild().appendChild(rootDom);
+ rootDom.appendChild(givenNameDom);
+ rootDom.appendChild(familyNameDom);
+ rootDom.appendChild(dateOfBirthDom);
+
+ this.subjectConformationDate = doc.getDocumentElement();
+ Logger.trace("'SubjectConfirmationData' for ELGA Mandate-Service is complete");
+
+ } catch (ParserConfigurationException | MarshallingException e) {
+ Logger.error("Can not generate 'SubjectConformationDate' for "
+ + ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+ }
+
+
+ }
+
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index 3fa43d0a3..5720e4827 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -32,11 +32,13 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import com.google.common.net.MediaType;
+
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -80,7 +82,7 @@ public class ELGAMandateMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
- resp.setContentType("text/xml");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
resp.getOutputStream().close();
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
index 6b7c13804..d27353809 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
@@ -22,7 +22,7 @@
*/
package at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
/**
* @author tlenz
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
deleted file mode 100644
index 03711aa40..000000000
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("ELGAInitializeBKUAuthenticationTask")
-public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask {
-
- @Override
- public void execute(ExecutionContext executionContext,
- HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
-
- try {
- //perform Default-BKU authentication initialization
- internalInitializeWithoutPersist(executionContext, request, response);
-
- //perform ELGA Mandate-Service specific parts
- Logger.debug("Perfom ELGA-Mandate specific parts of initialisation.");
- Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE);
-
- boolean elgaMandateUsed = false;
- Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE);
- if (elgaMandateUsedObj == null ||
- !(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) {
- Logger.error("Use ELGA-MandateService flag has a wrong type.");
- throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"});
-
- } else {
- if (elgaMandateUsedObj instanceof String)
- elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj);
- else
- elgaMandateUsed = (boolean) elgaMandateUsedObj;
-
- }
-
- //check if both mandate Services are requested
- if ( (misMandateUsed != null && misMandateUsed) &&
- elgaMandateUsed ) {
- Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
- throw new MOAIDException("validator.73", null);
-
- }
-
-
- if (elgaMandateUsed) {
- //check mandateProfiles against ELGA-MandateService configuration
- if (!checkServiceProviderAgainstELGAModulConfigration()) {
- Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
- + " does not fulfill requirements to use ELGA-MandateService.");
- throw new MOAIDException("service.10", new Object[]{
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- "No valid mandate-profile defined"});
-
- }
-
- //remove MIS-Mandate flag and set useMandate flag to MOASession
- Logger.debug("Authentication process select ELGA-MandateService.");
- executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
- moasession.setUseMandates(elgaMandateUsed);
- }
-
- //disable SSO if it is requested
- if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) {
- Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request.");
- pendingReq.setNeedSingleSignOnFunctionality(false);
-
-
- }
-
- //store MOASession and pendingRequest
- requestStoreage.storePendingRequest(pendingReq);
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException | MOAIDException e) {
- Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage());
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- }
- }
-
- /**
- * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
- *
- * @return true, if ELGA mandateservice is allowed, otherwise false
- */
- private boolean checkServiceProviderAgainstELGAModulConfigration() {
- String allowedMandateTypesCSV =
- authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
- List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
- List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
-
- boolean isELGAMandateServiceAllowed = false;
- if (spMandateProfiles != null) {
- for (String el : allowedMandateTypes) {
- if (spMandateProfiles.contains(el))
- isELGAMandateServiceAllowed = true;
-
- }
- }
-
- return isELGAMandateServiceAllowed;
- }
-}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
new file mode 100644
index 000000000..f05446771
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("EvaluateMandateServiceTask")
+public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ boolean useMIS = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEMISMANDATE);
+ boolean useELGA = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEELGAMANDATE);
+
+ //check if both mandate Services are requested
+ if ( useMIS && useELGA ) {
+ Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
+ throw new MOAIDException("validator.73", null);
+
+ }
+
+ //select next process step
+ if (useELGA) {
+ //validate service-provider again
+ if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+ Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ + " does not fulfill requirements to use ELGA-MandateService.");
+ throw new MOAIDException("service.10", new Object[]{
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ "No valid mandate-profile defined"});
+
+ }
+
+ executionContext.put(MOAIDAuthConstants.PARAM_USEELGAMANDATE, useELGA);
+ Logger.debug("ELGA Mandate-Service is selected. Initialize service communication ... ");
+
+ } else if(useMIS) {
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, useMIS);
+ Logger.debug("MIS Mandate-Service is selected. Initialize service communication ... ");
+
+
+ } else {
+ //mark pending-request as aborted
+ Logger.info("No Mandate-Service is selected. Abort authentication process ... ");
+ pendingReq.setAbortedByUser(true);
+ pendingReq.setAuthenticated(false);
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //redirect to protocol finalization
+ performRedirectToProtocolFinialization(pendingReq, response);
+
+ }
+
+ } catch (MOAIDException e) {
+ Logger.info("Evaluation of Mandate-Service selection FAILED. Reason:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.info("Mandate-Service selection evaluation: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+
+ }
+
+ }
+
+ private boolean getUserConfermationFromRequest(HttpServletRequest httpReq, String paramName) throws WrongParametersException {
+ String paramString = httpReq.getParameter(paramName);
+ paramString = StringEscapeUtils.escapeHtml(paramString);
+ if (!ParamValidatorUtils.isValidUseMandate(paramString))
+ throw new WrongParametersException("Mandate-Service selection-evaluation", paramName, null);
+
+ if (MiscUtil.isNotEmpty(paramString))
+ return Boolean.parseBoolean(paramString);
+
+ else
+ return false;
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index f976793b8..07bde7762 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -38,6 +38,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -148,15 +149,21 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
//load MOASession object
defaultTaskInitialization(request, executionContext);
+
+ /**
+ * Mandate Reference-Value is generated from ELGA MandateServie -->
+ * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService
+ * But MOA-ID refernece-value is also validated in 'inResponseTo' attribute from ELGA MandateService response
+ */
//validate receive mandate reference-value
- String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
- if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
- Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
- throw new AssertionValidationExeption("sp.pvp2.07",
- new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
-
- }
+// String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
+// if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
+// Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
+// throw new AssertionValidationExeption("sp.pvp2.07",
+// new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+// PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
+//
+// }
Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
@@ -171,7 +178,19 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
authenticatedSessionStorage.storeSession(moasession);
//write revisions log entry
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+
+ //write mandate info's to revisions log
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE,
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME));
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,
+ MOAReversionLogger.NAT_PERSON);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH,
+ revisionsLogger.buildPersonInformationHash(
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME),
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME),
+ extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)));
Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID());
@@ -179,12 +198,20 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
String samlRequest = request.getParameter("SAMLRequest");
Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
- throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e);
+ throw new TaskExecutionException(pendingReq,
+ "Receive INVALID PVP Response from ELGA mandate-service",
+ new AuthnResponseValidationException("sp.pvp2.12",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
} catch (IOException | MarshallingException | TransformerException e) {
Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
- throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e);
+ throw new TaskExecutionException(pendingReq,
+ "Processing PVP response from ELGA mandate-service FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()},
+ e));
} catch (CredentialsNotAvailableException e) {
Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
@@ -195,7 +222,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
-
+
} catch (Exception e) {
Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index d25921167..fd918c7f4 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -36,7 +36,6 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
@@ -44,7 +43,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
@@ -82,6 +82,16 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
+ //load metadata with metadataURL, as backup
+ String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
+ if (MiscUtil.isNotEmpty(metadataURL)) {
+ Logger.warn("Use not recommended metadata-provider initialization!"
+ + " SAML2 'Well-Known-Location' is the preferred methode.");
+ Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL);
+ metadataService.initialize(metadataURL);
+
+ }
+
//load IDP SAML2 entitydescriptor
EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);
@@ -112,7 +122,15 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
}
-
+
+ //check if identityLink exists in moaSession DAO
+ if (moasession.getIdentityLink() == null) {
+ Logger.error("Connect ELGA Mandate-Service FAILED -> NO identityLink in moaSession DAO");
+ throw new MOAIDException("service.10",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "NO identityLink in moaSession DAO."});
+
+ }
+
String sourcePinType = moasession.getIdentityLink().getIdentificationType();
String sourcePinValue = moasession.getIdentityLink().getIdentificationValue();
if (sourcePinType.startsWith(Constants.URN_PREFIX_BASEID)) {
@@ -132,9 +150,25 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
}
+ //build subjectNameID with bPK-Type Prefix
+ String bPKPrefix = null;
+ if (configTarget.startsWith(Constants.URN_PREFIX_WBPK))
+ bPKPrefix = configTarget.substring((Constants.URN_PREFIX_WBPK + "+").length());
+
+ else if (configTarget.startsWith(Constants.URN_PREFIX_CDID))
+ bPKPrefix = configTarget.substring((Constants.URN_PREFIX_CDID + "+").length());
+
+ if (bPKPrefix == null) {
+ throw new MOAIDException("service.10",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Configurated bPK-Type is wrong."});
+
+ }
+
//set bPK of representative as SAML2 subjectNameID
- authnReqConfig.setSubjectNameID(representativeBPK );
- authnReqConfig.setSubjectNameIDQualifier(configTarget);
+ authnReqConfig.setSubjectNameID(bPKPrefix + ":" + representativeBPK );
+
+ //is not recommended from ELGA
+ //authnReqConfig.setSubjectNameIDQualifier(configTarget);
//set MandateReferenceValue as RequestID
authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
@@ -142,6 +176,12 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
authnReqConfig.getRequestID());
+ //set SubjectConformationDate
+ authnReqConfig.setSubjectConformationDate(
+ moasession.getIdentityLink().getGivenName(),
+ moasession.getIdentityLink().getFamilyName(),
+ moasession.getIdentityLink().getDateOfBirth());
+
//store pending-request
requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
new file mode 100644
index 000000000..8d6ac1762
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("SelectMandateServiceTask")
+public class SelectMandateServiceTask extends AbstractAuthServletTask {
+
+ @Autowired IGUIFormBuilder guiBuilder;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ //check if Service-Provider allows ELGA-mandates
+ if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+ Logger.trace("Build GUI for mandate-service selection ...");
+
+ IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ pendingReq,
+ ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
+ GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+
+ guiBuilder.build(response, config, "Mandate-Service selection");
+
+ Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... ");
+
+ } else {
+ //service-provider does not allow ELGA-mandates --> switch to MIS mandate-service
+ Logger.debug("Service-Provider does not allow ELGA Mandate-Service. --> Select MIS Mandate-Service as Default.");
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, true);
+
+ }
+
+ } catch (GUIBuildException e) {
+ Logger.warn("Can not build GUI:'Mandate-Service selection'. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq,
+ "Can not build GUI. Msg:" + e.getMessage(),
+ new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
+
+ } catch (Exception e) {
+ Logger.info("Mandate-Service selection: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 49f131983..c9485104b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -37,7 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -57,6 +57,19 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
private HTTPMetadataProvider metadataProvider = null;
+
+ public void initialize(String metadataURL) throws MetadataProviderException {
+ if (metadataProvider == null) {
+ internalInitialize(metadataURL);
+
+ } else {
+ Logger.info("ELGA Mandate-Service metadata-provider is already initialized.");
+
+ }
+
+ }
+
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
*/
@@ -138,7 +151,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Override
public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
try {
EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
@@ -162,7 +175,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Override
public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
return metadataProvider.getRole(entityID, roleName);
}
@@ -174,35 +187,37 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
return metadataProvider.getRole(entityID, roleName, supportedProtocol);
}
- private void initialize(String entityID) throws MetadataProviderException {
- Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
+ private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+ if (metadataProvider == null) {
+ Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
- String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
- if (MiscUtil.isEmpty(trustProfileID)) {
- Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
- throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
- }
+ String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
+ if (MiscUtil.isEmpty(trustProfileID)) {
+ Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
+ throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+ }
- //create metadata validation filter chain
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.addFilter(new SchemaValidationFilter(true));
- filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+ //create metadata validation filter chain
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.addFilter(new SchemaValidationFilter(true));
+ filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- metadataProvider = createNewHTTPMetaDataProvider(entityID,
- filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+ metadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ filter,
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
- if (metadataProvider == null) {
- Logger.error("Create ELGA Mandate-Service Client FAILED.");
- throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
+ if (metadataProvider == null) {
+ Logger.error("Create ELGA Mandate-Service Client FAILED.");
+ throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
- }
+ }
- metadataProvider.setRequireValidMetadata(true);
+ metadataProvider.setRequireValidMetadata(true);
+ }
}
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
new file mode 100644
index 000000000..03f8fa195
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandateUtils {
+ /**
+ * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+ *
+ * @return true, if ELGA mandateservice is allowed, otherwise false
+ */
+ public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) {
+ String allowedMandateTypesCSV =
+ authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
+ List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
+ List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+ boolean isELGAMandateServiceAllowed = false;
+ if (spMandateProfiles != null) {
+ for (String el : allowedMandateTypes) {
+ if (spMandateProfiles.contains(el))
+ isELGAMandateServiceAllowed = true;
+
+ }
+ }
+
+ return isELGAMandateServiceAllowed;
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c6434b901..f5bcdb70b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index 8cd08d226..4dee1160e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -5,7 +5,7 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
- <pd:Task id="elgaInitializeBKUAuthentication" class="ELGAInitializeBKUAuthenticationTask" />
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
<pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
<pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
<pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
@@ -18,6 +18,8 @@
<pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
<!-- ELGA Mandate-Service Tasks -->
+ <pd:Task id="selectMandateServiceTask" class="SelectMandateServiceTask" />
+ <pd:Task id="evaluateMandateServiceTask" class="EvaluateMandateServiceTask" async="true"/>
<pd:Task id="requestELGAMandateTask" class="RequestELGAMandateTask" />
<pd:Task id="receiveElgaMandateResponseTask" class="ReceiveElgaMandateResponseTask" async="true"/>
@@ -25,9 +27,9 @@
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="elgaInitializeBKUAuthentication" />
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
- <pd:Transition from="elgaInitializeBKUAuthentication" to="createIdentityLinkForm" />
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
@@ -43,10 +45,17 @@
<pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyCertificate" to="getForeignID" />
- <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
- <pd:Transition from="verifyAuthBlock" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="selectMandateServiceTask" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
+ <pd:Transition from="selectMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="selectMandateServiceTask" to="evaluateMandateServiceTask" />
+
+ <pd:Transition from="evaluateMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="evaluateMandateServiceTask" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+ <pd:Transition from="evaluateMandateServiceTask" to="end" />
+
+
<pd:Transition from="requestELGAMandateTask" to="receiveElgaMandateResponseTask" />
<pd:Transition from="receiveElgaMandateResponseTask" to="finalizeAuthentication" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
index c1abe78df..cbc4e65c1 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -26,11 +26,15 @@
<bean id="ELGAMandateSignalController"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/>
-<!-- Federated Authentication Process Tasks -->
- <bean id="ELGAInitializeBKUAuthenticationTask"
- class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.ELGAInitializeBKUAuthenticationTask"
+<!-- ELGA-MandateService communication Process Tasks -->
+ <bean id="SelectMandateServiceTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.SelectMandateServiceTask"
scope="prototype"/>
+ <bean id="EvaluateMandateServiceTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.EvaluateMandateServiceTask"
+ scope="prototype"/>
+
<bean id="RequestELGAMandateTask"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.RequestELGAMandateTask"
scope="prototype"/>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html
new file mode 100644
index 000000000..b0be4a475
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/templates/mandate-service-selection.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
+
+ <title>Anmeldung an Online-Applikation</title>
+</head>
+
+
+<body>
+ <div id="page">
+
+ <div id="page1" class="case selected-case" role="main">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main">
+ <!--div id="leftcontent" class="hell"-->
+ <div id=processContent>
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">
+ Anmeldeinformationen:
+ </h2>
+ </div>
+
+ <div id="selectArea" class="hell" role="application">
+ <h3>Anmeldung an: $OAName</h3>
+
+
+ <div id="processInfoArea">
+ <p>Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.</p>
+ </div>
+
+ <div id="processSelectionArea">
+ <div id="elgaMandateButton" class="processSelectionButtonArea">
+ <form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
+ <input type="hidden" name="useELGAMandate" value="true">
+ <input type="hidden" name="pendingid" value="$pendingReqID">
+ <input type="submit" value="Eltern-Kind Vertretung" class="processSelectionButton" role="button">
+ </form>
+ <div class="buttonDescription">
+ <p>Eltern-Kind Vertretung</p>
+ </div>
+ </div>
+ <div id="misMandateButton" class="processSelectionButtonArea">
+ <form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+ <input type="hidden" name="useMISMandate" value="true">
+ <input type="hidden" name="pendingid" value="$pendingReqID">
+ <input type="submit" value="allgemeine Vertretung" class="processSelectionButton" role="button">
+ </form>
+ <div class="buttonDescription">
+ <p>Vollmachtenservice der Österreichischen Datenschutzbehörde <a href="https://mms.stammzahlenregister.gv.at/mms/moaid.do">(MMS Service)</a></p>
+ </div>
+ </div>
+ <div id="abortButton" class="processSelectionButtonArea">
+ <form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+ <input type="hidden" name="pendingid" value="$pendingReqID">
+ <input type="submit" value="Abbrechen" class="processSelectionButton" role="button">
+ </form>
+ <div class="buttonDescription">
+ <p>Den Anmeldevorgang abbrechen</p>
+ </div>
+ </div>
+ </div>
+
+ </div>
+ </div>
+
+ <!--/div-->
+ </div>
+ </div>
+ </div>
+</body>
+</html>