diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-12-11 16:01:38 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-12-11 16:01:38 +0100 |
commit | e4fa532f93f10115e1f39c97cc96e5950a048884 (patch) | |
tree | b919a752f77a37fbae7407b3864e05b1416c1dcc /id/server/modules/moa-id-modules-federated_authentication/src/main/java | |
parent | 84b0604fa11e7f73e3e78b981d628f768a880f35 (diff) | |
download | moa-id-spss-e4fa532f93f10115e1f39c97cc96e5950a048884.tar.gz moa-id-spss-e4fa532f93f10115e1f39c97cc96e5950a048884.tar.bz2 moa-id-spss-e4fa532f93f10115e1f39c97cc96e5950a048884.zip |
update to EAAF-Components 1.0.13.1
Enforce E-ID authentication based on Service-Provider configuration
Diffstat (limited to 'id/server/modules/moa-id-modules-federated_authentication/src/main/java')
3 files changed, 9 insertions, 4 deletions
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 4068d2d99..e50836712 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; @@ -45,7 +46,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { //select interfederation authentication if PERFORM_INTERFEDERATION_AUTH flag is set Object performfedAuthObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH); if (performfedAuthObj != null && performfedAuthObj instanceof Boolean) { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index d0d97e9e8..a798679d7 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -64,6 +65,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; @Autowired(required=true) ILoALevelMapper loaMapper; + @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -82,7 +84,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); + IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 6b6d1a196..7dce22d81 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -42,6 +42,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; @@ -94,6 +95,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private AuthenticationDataBuilder authDataBuilder; @Autowired(required=true) MOAMetadataProvider metadataProvider; @Autowired(required=true) protected IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired(required=true) protected IConfigurationWithSP authConfigWithSp; /* (non-Javadoc) @@ -150,7 +152,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //load IDP and SP configuration - IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if response Entity is valid @@ -224,7 +226,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { if (msg != null) { IOAAuthParameters idpConfig = null; try { - idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); //remove federated IDP from SSO session if exists ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); |