authorThomas Lenz <tlenz@iaik.tugraz.at>2019-06-05 13:10:46 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-06-05 13:10:46 +0200
commit0fbbb4ab83e8fae8038c14ac8de385540bc38cd2 (patch)
treed4c88ac6f1bb76db7de5ba4f6e229ed6d2da1b33 /id/server
parent66859cd53d4181350525e91c4d35071932675ca7 (diff)
flag session as setUseMandate if mandate attributes are received from E-ID
Diffstat (limited to 'id/server')
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java20
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java65
2 files changed, 85 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
index 6d8d85f34..9914927c5 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java
@@ -230,6 +230,26 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
else
session.setBkuURL("E-ID_Authentication");
+ //check if mandates are included
+ if (extractor.containsAttribute(PVPConstants.MANDATE_TYPE_NAME)
+ || extractor.containsAttribute(PVPConstants.MANDATE_TYPE_OID_NAME)
+ || extractor.containsAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME) ) {
+
+ Logger.debug("Find Mandate-Attributes in E-ID response. Switch to mandate-mode ... ");
+ session.setUseMandates(true);
+
+ //check if mandate was used by ...
+ if (extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME) ||
+ extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_DESC_NAME) ) {
+ Logger.debug("Find PROF_REP information in mandate. Switch to 'Organwalter' mode ...");
+ session.setOW(true);
+
+ }
+
+ }
+
+
+
// } catch (AssertionValidationExeption e) {
// throw new BuildException("builder.06", null, e);
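Review bot: The comment `//check if mandate was used by ...` above the PROF_REP check is left unfinished, so a reader cannot tell what that inner branch decides; suggest `//check if the mandate was used by a professional representative: PROF_REP attributes switch the session to 'Organwalter' (OW) mode`. Both branches key on `extractor.containsAttribute(...)` alone, so an attribute that is present but empty would still flip `setUseMandates(true)` and `setOW(true)`; if `containsAttribute` only tests presence, a one-line comment stating that the presence check is intentional (or an explicit non-empty check) would make the assumption about the E-ID response explicit. As a minor wording point, the two debug messages read `Find ...` where `Found ...` is meant. The enclosing method of ReceiveAuthnResponseTask starts and ends outside the hunk.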
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index fc8fb5955..af8211dee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -70,6 +70,7 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
@@ -475,6 +476,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String samlAssertion = null;
//add mandate info's
if (authData.isUseMandate()) {
+
//only provide full mandate if it is included.
if (saml1parameter.isProvideFullMandatorData()
&& authData.getMISMandate() != null) {
@@ -546,8 +548,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
+ //build mandateDate Attribute
String mandateDate = generateMandateDate(oaParam, authData);
+ //build RepresentationType and
+ generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData);
+
samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
authData,
prPerson,
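Review bot: The comment `//build RepresentationType and` on the line before the `generateRepresentationTypeAndOWInfos(oaAttributes, oaParam, authData);` call is cut off; suggest `//build RepresentationType and Organwalter (OID / textual description) attributes when they are not already present in oaAttributes`. The helper itself (its hunk starts further down and runs past this excerpt) falls back to `authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class)` when no MIS mandate is set, and that value is then emitted verbatim as a SAML attribute of the assertion; a short comment at the call site or in the helper's Javadoc stating where that generic data originates and that it is assumed to have been validated upstream would help later reviewers — presumably it comes from the E-ID response, but that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.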
@@ -593,6 +599,65 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
+ private void generateRepresentationTypeAndOWInfos(List<ExtendedSAMLAttribute> oaAttributes,
+ IOAAuthParameters oaParam, SAML1AuthenticationData authData) {
+ boolean isRepresentationTypeSet = false;
+ boolean isOWOIDSet = false;
+ boolean isOWFriendlyNameSet = false;
+
+ for (ExtendedSAMLAttribute el : oaAttributes) {
+ if (EXT_SAML_MANDATE_REPRESENTATIONTYPE.equals(el.getName()))
+ isRepresentationTypeSet = true;
+
+ if (EXT_SAML_MANDATE_OID.equals(el.getName()))
+ isOWOIDSet = true;
+
+ if (EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION.equals(el.getName()))
+ isOWFriendlyNameSet = true;
+ }
+
+
+ if (!isRepresentationTypeSet)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_REPRESENTATIONTYPE,
+ EXT_SAML_MANDATE_REPRESENTATIONTEXT,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+
+ String oid = null;
+ String oidDescription = null;
+
+ if (authData.getMISMandate() != null) {
+ oid = authData.getMISMandate().getProfRep();
+ oidDescription = authData.getMISMandate().getTextualDescriptionOfOID();
+
+ } else {
+ oid = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class);
+ oidDescription = authData.getGenericData(PVPConstants.MANDATE_PROF_REP_DESC_NAME, String.class);
+
+ }
+
+
+
+
+ if (!isOWOIDSet && oid != null)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OID, oid,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ if (!isOWFriendlyNameSet && oidDescription != null)
+ oaAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ oidDescription, SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+
+
+ }
+
+
private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,