diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-12-13 10:13:05 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2019-12-13 10:13:05 +0100 |
commit | 6fc2e600055d4737ce94d8a012eb3764bd7e93c8 (patch) | |
tree | 56aebaaac2c87458ebfd798a2c66f95718e1dd4e /id/server/modules/moa-id-modules-saml1 | |
parent | de2e45024694c7eb5e033bc6b1bcb90f5f499b07 (diff) | |
parent | bea0d19650b5fbbb48fcda0f39ef3a93d6cf6f1f (diff) | |
download | moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.gz moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.tar.bz2 moa-id-spss-6fc2e600055d4737ce94d8a012eb3764bd7e93c8.zip |
Merge branch 'current_development' into development_preview
# Conflicts:
# id/history.txt
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
# pom.xml
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1')
3 files changed, 110 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 3a401d80e..9c27134d0 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modules</artifactId> - <version>${moa-id-version}</version> + <version>4.1.0</version> </parent> <artifactId>moa-id-module-saml1</artifactId> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 7a9557baf..af8211dee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -53,6 +53,9 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -67,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; @@ -78,7 +82,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBui import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -393,6 +396,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + try { + String onlineIDL = new EIDEIDTokenBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(onlineIDL)) { + Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage()); + + } + + try { + String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(eidStatusLevel)) { + Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage()); + + } + //for mandates try { String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( @@ -429,12 +468,15 @@ public class SAML1AuthenticationServer extends AuthenticationServer { Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); } + + } String samlAssertion = null; //add mandate info's if (authData.isUseMandate()) { + //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -506,8 +548,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } + //build mandateDate Attribute String mandateDate = generateMandateDate(oaParam, authData); + //build RepresentationType and + generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData); + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, prPerson, @@ -553,6 +599,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + private void generateRepresentationTypeAndOWInfos(List<ExtendedSAMLAttribute> oaAttributes, + IOAAuthParameters oaParam, SAML1AuthenticationData authData) { + boolean isRepresentationTypeSet = false; + boolean isOWOIDSet = false; + boolean isOWFriendlyNameSet = false; + + for (ExtendedSAMLAttribute el : oaAttributes) { + if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName())) + isRepresentationTypeSet = true; + + if (EXT_SAML_MANDATE_OID.equals(el.getName())) + isOWOIDSet = true; + + if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName())) + isOWFriendlyNameSet = true; + } + + + if (!isRepresentationTypeSet) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_REPRESENTATIONTYPE, + EXT_SAML_MANDATE_REPRESENTATIONTEXT, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + String oid = null; + String oidDescription = null; + + if (authData.getMISMandate() != null) { + oid = authData.getMISMandate().getProfRep(); + oidDescription = authData.getMISMandate().getTextualDescriptionOfOID(); + + } else { + oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class); + oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class); + + } + + + + + if (!isOWOIDSet && oid != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OID, oid, + SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + if (!isOWFriendlyNameSet && oidDescription != null) + oaAttributes.add(new ExtendedSAMLAttributeImpl( + EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + oidDescription, SZRGWConstants.MANDATE_NS, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + + + } + + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 20c66d7a2..bb1f3c155 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -42,7 +42,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; @@ -66,7 +66,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { +public class SAML1Protocol extends AbstractController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -127,7 +127,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement //preProcess SAML1 Request preProcess(req, resp, pendingReq); - performAuthentication(req, resp, pendingReq); + protAuthService.performAuthentication(req, resp, pendingReq); return; } |