aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-elga_mandate_service
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-08 11:10:19 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-08 11:10:19 +0100
commitb9937af42fdab6b85aa1121148bda474c70f5e75 (patch)
treeb40401aef3a0dff9dac0db55ae6f4b519a6bac49 /id/server/modules/moa-id-module-elga_mandate_service
parente2d27757411fdcba586cc162f362c72ca3ae689c (diff)
downloadmoa-id-spss-b9937af42fdab6b85aa1121148bda474c70f5e75.tar.gz
moa-id-spss-b9937af42fdab6b85aa1121148bda474c70f5e75.tar.bz2
moa-id-spss-b9937af42fdab6b85aa1121148bda474c70f5e75.zip
finish first beta-version of ELGA mandate-service client-module
Diffstat (limited to 'id/server/modules/moa-id-module-elga_mandate_service')
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java40
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java107
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java65
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java15
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java5
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml8
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml4
7 files changed, 216 insertions, 28 deletions
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index b521116d3..320c4fdc6 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -42,6 +42,8 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
private EntityDescriptor idpEntity;
private Credential signCred;
private String subjectNameID;
+ private String subjectNameIDQualifier;
+ private String requestID;
/* (non-Javadoc)
@@ -73,7 +75,7 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
*/
@Override
public String getNameIDPolicyFormat() {
- return NameID.TRANSIENT;
+ return NameID.PERSISTENT;
}
/* (non-Javadoc)
@@ -81,7 +83,7 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
*/
@Override
public boolean getNameIDPolicyAllowCreation() {
- return true;
+ return false;
}
/* (non-Javadoc)
@@ -143,6 +145,15 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
this.subjectNameID = subjectNameID;
}
+
+
+ /**
+ * @param requestID the requestID to set
+ */
+ public void setRequestID(String requestID) {
+ this.requestID = requestID;
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential()
*/
@@ -183,5 +194,30 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
return NameID.PERSISTENT;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID()
+ */
+ @Override
+ public String getRequestID() {
+ return this.requestID;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier()
+ */
+ @Override
+ public String getSubjectNameIDQualifier() {
+ return this.subjectNameIDQualifier;
+ }
+
+ /**
+ * @param subjectNameIDQualifier the subjectNameIDQualifier to set
+ */
+ public void setSubjectNameIDQualifier(String subjectNameIDQualifier) {
+ this.subjectNameIDQualifier = subjectNameIDQualifier;
+ }
+
+
+
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
new file mode 100644
index 000000000..50bac3eab
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("ELGAInitializeBKUAuthenticationTask")
+public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask {
+
+ @Override
+ public void execute(ExecutionContext executionContext,
+ HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+
+ try {
+ //perform Default-BKU authentication initialization
+ internalInitializeWithoutPersist(executionContext, request, response);
+
+ //perform ELGA Mandate-Service specific parts
+ Logger.debug("Perfom ELGA-Mandate specific parts of initialisation.");
+ Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE);
+
+ boolean elgaMandateUsed = false;
+ Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE);
+ if (elgaMandateUsedObj == null ||
+ !(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) {
+ Logger.error("Use ELGA-MandateService flag has a wrong type.");
+ throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"});
+
+ } else {
+ if (elgaMandateUsedObj instanceof String)
+ elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj);
+ else
+ elgaMandateUsed = (boolean) elgaMandateUsedObj;
+
+ }
+
+
+ //check if both mandate Services are requested
+ if ( (misMandateUsed != null && misMandateUsed) &&
+ elgaMandateUsed ) {
+ Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
+ throw new MOAIDException("validator.73", null);
+
+ }
+
+ //remove MIS-Mandate flag and set useMandate flag to MOASession
+ if (elgaMandateUsed) {
+ Logger.debug("Authentication process select ELGA-MandateService.");
+ executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
+ moasession.setUseMandates(elgaMandateUsed);
+ }
+
+ //disable SSO if it is requested
+ if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) {
+ Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request.");
+ pendingReq.setNeedSingleSignOnFunctionality(false);
+
+
+ }
+
+ //store MOASession and pendingRequest
+ requestStoreage.storePendingRequest(pendingReq);
+ authenticatedSessionStorage.storeSession(moasession);
+
+ } catch (MOADatabaseException | MOAIDException e) {
+ Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 13e17e03e..a5e316f10 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -37,6 +37,7 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -46,6 +47,7 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCred
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
@@ -55,7 +57,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -67,7 +69,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Component("ReceiveElgaMandateResponseTask")
public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
- @Autowired SAMLVerificationEngine samlVerificationEngine;
+ @Autowired SAMLVerificationEngineSP samlVerificationEngine;
@Autowired ELGAMandatesCredentialProvider credentialProvider;
@Autowired ELGAMandateServiceMetadataProvider metadataProvider;
@@ -81,13 +83,18 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
try {
IDecoder decoder = null;
+ MOAURICompare comperator = null;
//select Response Binding
if (request.getMethod().equalsIgnoreCase("POST")) {
decoder = new PostBinding();
+ comperator = new MOAURICompare(pendingReq.getAuthURL()
+ + ELGAMandatesAuthConstants.ENDPOINT_POST);
Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding.");
} else if (request.getMethod().equalsIgnoreCase("GET")) {
decoder = new RedirectBinding();
+ comperator = new MOAURICompare(pendingReq.getAuthURL()
+ + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT);
Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding.");
} else {
@@ -99,7 +106,8 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
}
//decode PVP response object
- msg = (InboundMessage) decoder.decode(request, response, metadataProvider, true);
+ msg = (InboundMessage) decoder.decode(request, response, metadataProvider, true,
+ comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("sp.pvp2.04",
@@ -138,7 +146,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
//validate receive mandate reference-value
String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME);
if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
- Logger.warn("PVP Response from ELGA mandate-service contains not all requested attributes.");
+ Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
throw new AssertionValidationExeption("sp.pvp2.07",
new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
@@ -157,30 +165,35 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
//store MOASession
authenticatedSessionStorage.storeSession(moasession);
- //TODO write log entries
- //revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
+ //write revisions log entry
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED);
Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID());
} catch (MessageDecodingException | SecurityException e) {
String samlRequest = request.getParameter("SAMLRequest");
Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e);
} catch (IOException | MarshallingException | TransformerException e) {
Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e);
} catch (CredentialsNotAvailableException e) {
Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
- Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
+ Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
} catch (Exception e) {
- Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
+ Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
}
@@ -210,12 +223,36 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
return msg;
} else {
- Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue()
- + " from federated IDP.");
- throw new AuthnResponseValidationException("sp.pvp2.04",
- new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- samlResp.getIssuer().getValue(),
- samlResp.getStatus().getStatusCode().getValue()});
+ String errorMsg = "No error message";
+ StatusCode firstCode = samlResp.getStatus().getStatusCode();
+
+ //get errormessage from response
+ if (samlResp.getStatus().getStatusMessage() != null &&
+ MiscUtil.isNotEmpty(samlResp.getStatus().getStatusMessage().getMessage()))
+ errorMsg = samlResp.getStatus().getStatusMessage().getMessage();
+
+ //extract response status-codes
+ if (firstCode.getStatusCode() == null) {
+ Logger.info("Receive StatusCode:" + firstCode.getValue() + " | Msg:" + errorMsg
+ + " from federated IDP.");
+ throw new AuthnResponseValidationException("sp.pvp2.05",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ samlResp.getIssuer().getValue(),
+ firstCode.getValue(),
+ samlResp.getStatus().getStatusMessage().getMessage()});
+
+ } else {
+ StatusCode secondCode = firstCode.getStatusCode();
+ Logger.info("Receive StatusCode:" + firstCode.getValue() + " -> StatusCode:" + secondCode.getValue()
+ + " | Msg:" + errorMsg + " from federated IDP.");
+ throw new AuthnResponseValidationException("sp.pvp2.09",
+ new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ samlResp.getIssuer().getValue(),
+ firstCode.getValue(),
+ secondCode.getValue(),
+ samlResp.getStatus().getStatusMessage().getMessage()});
+
+ }
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index bcd8076bc..2a3e72640 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -34,6 +34,7 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -92,7 +93,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
authnReqConfig.setPassive(false);
authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_METADATA);
-
+
//set bPK of representative
String representativeBPK = null;
@@ -129,15 +130,19 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
}
-
- //TODO: check subjectNameID: as per PVP S-Profile specification,
- // subjectNameID starts with target postfix (like. GH:xxxxxxxxxxxxx)
+
+ //set bPK of representative as SAML2 subjectNameID
authnReqConfig.setSubjectNameID(representativeBPK );
+ authnReqConfig.setSubjectNameIDQualifier(configTarget);
+
+ //set MandateReferenceValue as RequestID
+ authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
//build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
- //TODO: TODO: add revisionslog entries
+ //write revisions log entry
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue());
} catch (MetadataProviderException e) {
throw new TaskExecutionException(pendingReq, "ELGA Mandate-Service metadata problem", new ELGAMetadataException("service.10",
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 6deb8eb2b..49f131983 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -197,13 +197,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
filter,
ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
- metadataProvider.setRequireValidMetadata(true);
-
-
if (metadataProvider == null) {
Logger.error("Create ELGA Mandate-Service Client FAILED.");
throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
}
+
+ metadataProvider.setRequireValidMetadata(true);
}
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index b648e4d27..8cd08d226 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -5,7 +5,7 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
- <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="elgaInitializeBKUAuthentication" class="ELGAInitializeBKUAuthenticationTask" />
<pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
<pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
<pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
@@ -25,9 +25,9 @@
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="initializeBKUAuthentication" />
+ <pd:Transition from="start" to="elgaInitializeBKUAuthentication" />
- <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+ <pd:Transition from="elgaInitializeBKUAuthentication" to="createIdentityLinkForm" />
<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
@@ -43,7 +43,7 @@
<pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyCertificate" to="getForeignID" />
- <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
<pd:Transition from="verifyAuthBlock" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
<pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
index 6e567a42c..c1abe78df 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -27,6 +27,10 @@
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/>
<!-- Federated Authentication Process Tasks -->
+ <bean id="ELGAInitializeBKUAuthenticationTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.ELGAInitializeBKUAuthenticationTask"
+ scope="prototype"/>
+
<bean id="RequestELGAMandateTask"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.RequestELGAMandateTask"
scope="prototype"/>