aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 10:13:05 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 10:13:05 +0100
commit6fc2e600055d4737ce94d8a012eb3764bd7e93c8 (patch)
tree56aebaaac2c87458ebfd798a2c66f95718e1dd4e /id/server/modules/moa-id-modules-saml1
parentde2e45024694c7eb5e033bc6b1bcb90f5f499b07 (diff)
parentbea0d19650b5fbbb48fcda0f39ef3a93d6cf6f1f (diff)
downloadmoa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.gz
moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.bz2
moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.zip
Merge branch 'current_development' into development_preview
# Conflicts: # id/history.txt # id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java # pom.xml
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1')
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml2
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java107
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java6
3 files changed, 110 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 3a401d80e..9c27134d0 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>${moa-id-version}</version>
+ <version>4.1.0</version>
</parent>
<artifactId>moa-id-module-saml1</artifactId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 7a9557baf..af8211dee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -53,6 +53,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -67,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
@@ -78,7 +82,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBui
import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -393,6 +396,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ try {
+ String onlineIDL = new EIDEIDTokenBuilder().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(onlineIDL)) {
+ Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage());
+
+ }
+
+ try {
+ String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build(
+ oaParam,
+ authData,
+ new SimpleStringAttributeGenerator());
+ if (MiscUtil.isNotEmpty(eidStatusLevel)) {
+ Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... ");
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel,
+ Constants.MOA_NS_URI,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+ } catch (AttributeBuilderException e) {
+ Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage());
+
+ }
+
//for mandates
try {
String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build(
@@ -429,12 +468,15 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage());
}
+
+
}
String samlAssertion = null;
//add mandate info's
if (authData.isUseMandate()) {
+
//only provide full mandate if it is included.
if (saml1parameter.isProvideFullMandatorData()
&& authData.getMISMandate() != null) {
@@ -506,8 +548,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
+ //build mandateDate Attribute
String mandateDate = generateMandateDate(oaParam, authData);
+ //build RepresentationType and
+ generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData);
+
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
prPerson,
@@ -553,6 +599,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ private void generateRepresentationTypeAndOWInfos(List<ExtendedSAMLAttribute> oaAttributes,
+ IOAAuthParameters oaParam, SAML1AuthenticationData authData) {
+ boolean isRepresentationTypeSet = false;
+ boolean isOWOIDSet = false;
+ boolean isOWFriendlyNameSet = false;
+
+ for (ExtendedSAMLAttribute el : oaAttributes) {
+ if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName()))
+ isRepresentationTypeSet = true;
+
+ if (EXT_SAML_MANDATE_OID.equals(el.getName()))
+ isOWOIDSet = true;
+
+ if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName()))
+ isOWFriendlyNameSet = true;
+ }
+
+
+ if (!isRepresentationTypeSet)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_REPRESENTATIONTYPE,
+ EXT_SAML_MANDATE_REPRESENTATIONTEXT,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+
+ String oid = null;
+ String oidDescription = null;
+
+ if (authData.getMISMandate() != null) {
+ oid = authData.getMISMandate().getProfRep();
+ oidDescription = authData.getMISMandate().getTextualDescriptionOfOID();
+
+ } else {
+ oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class);
+ oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class);
+
+ }
+
+
+
+
+ if (!isOWOIDSet && oid != null)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OID, oid,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ if (!isOWFriendlyNameSet && oidDescription != null)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ oidDescription, SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+
+
+ }
+
+
private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 20c66d7a2..bb1f3c155 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -42,7 +42,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -66,7 +66,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
*/
@Controller
-public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo {
+public class SAML1Protocol extends AbstractController implements IModulInfo {
@Autowired private SAML1AuthenticationServer saml1AuthServer;
@@ -127,7 +127,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
//preProcess SAML1 Request
preProcess(req, resp, pendingReq);
- performAuthentication(req, resp, pendingReq);
+ protAuthService.performAuthentication(req, resp, pendingReq);
return;
}