diff options
author | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-04-14 13:58:27 +0200 |
---|---|---|
committer | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-04-14 17:01:49 +0200 |
commit | 945c4d28535724f0a54d220f9eb0ebd25b8227c4 (patch) | |
tree | 26fa5ffb6772442a12fd7f946e4017d0407edd87 /id/server/modules/module-stork | |
parent | a6189a32a78d2b3ed096356f6b7e0049c8870b21 (diff) | |
download | moa-id-spss-945c4d28535724f0a54d220f9eb0ebd25b8227c4.tar.gz moa-id-spss-945c4d28535724f0a54d220f9eb0ebd25b8227c4.tar.bz2 moa-id-spss-945c4d28535724f0a54d220f9eb0ebd25b8227c4.zip |
respect multi-part stork responses
Diffstat (limited to 'id/server/modules/module-stork')
2 files changed, 27 insertions, 14 deletions
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java index 3338804b4..e2c3880ac 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java @@ -136,7 +136,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -211,10 +211,16 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
|| STORKResponseProcessor.hasAttribute("representative", attributeList)
@@ -233,7 +239,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -246,7 +252,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // extract signed doc element and citizen signature
String citizenSignature = null;
try {
- PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+ PersonalAttribute signedDoc = attributeList.get("signedDoc");
String signatureInfo = null;
// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
if (signedDoc != null) {
@@ -259,7 +265,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep // store authnResponse
// moaSession.setAuthnResponse(authnResponse);//not serializable
- moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+ moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
String authnContextClassRef = null;
try {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 6e0bd19ff..9df0ff37b 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -162,7 +162,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -297,9 +297,16 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
@@ -320,7 +327,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask { tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -336,15 +343,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // extract signed doc element and citizen signature
try {
- if (authnResponse.getPersonalAttributeList().get("signedDoc") == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue() == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0) == null) {
+ if (attributeList.get("signedDoc") == null
+ || attributeList.get("signedDoc").getValue() == null
+ || attributeList.get("signedDoc").getValue().get(0) == null) {
Logger.info("STORK Response include NO signedDoc attribute!");
throw new STORKException("STORK Response include NO signedDoc attribute.");
}
- String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ String signatureInfo = attributeList.get("signedDoc").getValue().get(0);
Logger.debug("signatureInfo:" + signatureInfo);
|