aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-02-06 15:42:53 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-02-06 15:42:53 +0100
commit1c567f6eb16fa10d3811fbaaf70c4ab04fb08077 (patch)
tree6b999ab47897622daddabfc9e4819bcc56ea00c9 /id/server
parentf9b31bdc4781d6eca20bc2d993f08f6a4eb462f2 (diff)
downloadmoa-id-spss-1c567f6eb16fa10d3811fbaaf70c4ab04fb08077.tar.gz
moa-id-spss-1c567f6eb16fa10d3811fbaaf70c4ab04fb08077.tar.bz2
moa-id-spss-1c567f6eb16fa10d3811fbaaf70c4ab04fb08077.zip
BRZ:
-add SAML1 SourceID parameter in moa-id general Bugfix: -SSO target had an error in case of business-service -OA with business-service whichout single sign-on produce an error
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java24
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd46
6 files changed, 84 insertions, 75 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 06d5b01bd..a5e92c701 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
+import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -250,16 +251,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String infoboxReadRequest = "";
+ String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim();
+ if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
+ //do not use SSO if no Target is set
+ Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ session.setSsoRequested(false);
+
+ }
+
if (session.isSsoRequested()) {
//load identityLink with SSO Target
boolean isbuisness = false;
- String domainIdentifier = "";
- IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
- if (ssobusiness != null) {
+
+ if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+
+ isbuisness = false;
+
+ } else {
isbuisness = true;
- domainIdentifier = ssobusiness.getValue();
+
}
-
+
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
isbuisness, domainIdentifier);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index f555cfb9a..060dc2248 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -104,6 +104,8 @@ public interface MOAIDAuthConstants {
// /** the number of the certifcate extension for party organ representatives */
// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+ public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
+
/** OW */
public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index 3432a19b1..dc5ec430e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -136,27 +136,6 @@ public class ConfigurationProvider {
}
/**
- * Returns the mapping of generic configuration properties.
- *
- * @return The mapping of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map<String, String> getGenericConfiguration() {
- return genericConfiguration;
- }
-
- /**
- * Returns the value of a parameter from the generic configuration section.
- *
- * @return the parameter value; <code>null</code> if no such parameter
- */
- public String getGenericConfigurationParameter(String parameter) {
- if (! genericConfiguration.containsKey(parameter))
- return null;
- return (String)genericConfiguration.get(parameter);
- }
-
- /**
* Return the chaining mode for a given trust anchor.
*
* @param trustAnchor The trust anchor for which the chaining mode should be
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 1804b5fd5..304b63de0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -519,6 +519,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
if (protocols.getSAML1() != null) {
allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
+
+ //load alternative sourceID
+ if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
+ alternativesourceid = protocols.getSAML1().getSourceID();
+
}
if (protocols.getOAuth() != null) {
@@ -562,8 +567,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
//set alternativeSourceID
- if (auth.getGeneralConfiguration() != null)
- alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+ if (auth.getGeneralConfiguration() != null)
+
+ //TODO: can be removed in a further version, because it is moved to SAML1 config
+ if (MiscUtil.isEmpty(alternativesourceid))
+ alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
// sets the authentication session and authentication data time outs
BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
@@ -744,7 +752,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
public ProtocolAllowed getAllowedProtocols() {
- return this.allowedProtcols;
+ return allowedProtcols;
}
public PVP2 getGeneralPVP2DBConfig() {
@@ -895,27 +903,27 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
}
- public boolean isSSOBusinessService() throws ConfigurationException {
-
- if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
- return true;
- else
- return false;
- }
+// public boolean isSSOBusinessService() throws ConfigurationException {
+//
+// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
+// return true;
+// else
+// return false;
+// }
- public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
+ public String getSSOTagetIdentifier() throws ConfigurationException {
if (ssoconfig != null)
- return ssoconfig.getIdentificationNumber();
+ return ssoconfig.getTarget();
else
return null;
}
- public String getSSOTarget() throws ConfigurationException {
- if (ssoconfig!= null)
- return ssoconfig.getTarget();
-
- return null;
- }
+// public String getSSOTarget() throws ConfigurationException {
+// if (ssoconfig!= null)
+// return ssoconfig.getTarget();
+//
+// return null;
+// }
public String getSSOFriendlyName() {
if (ssoconfig!= null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index f515ea6bd..7ecd7dde8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -58,11 +58,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
@@ -141,11 +143,7 @@ public class BuildFromLegacyConfig {
//Load generic Config
Map<String, String> genericConfiguration = builder.buildGenericConfiguration();
GeneralConfiguration authGeneral = new GeneralConfiguration();
-
- if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
- authGeneral.setAlternativeSourceID(
- (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
-
+
if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
authGeneral.setTrustManagerRevocationChecking(
Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
@@ -179,6 +177,19 @@ public class BuildFromLegacyConfig {
final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+ //set SAML1 config
+ SAML1 saml1 = new SAML1();
+ saml1.setIsActive(true);
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+ auth_protocols.setSAML1(saml1);
+
+ //set OAuth config
+ OAuth oauth = new OAuth();
+ oauth.setIsActive(true);
+ auth_protocols.setOAuth(oauth);
+
+ //set PVP2.1 config
PVP2 prot_pvp2 = new PVP2();
auth_protocols.setPVP2(prot_pvp2);
prot_pvp2.setPublicURLPrefix("https://....");
@@ -188,7 +199,7 @@ public class BuildFromLegacyConfig {
prot_pvp2.setOrganization(pvp2_org);
pvp2_org.setDisplayName("OrganisationDisplayName");
pvp2_org.setName("OrganisatioName");
- pvp2_org.setURL("http://www.egiz.gv.at");
+ pvp2_org.setURL("http://testorganisation.at");
List<Contact> pvp2_contacts = new ArrayList<Contact>();
prot_pvp2.setContact(pvp2_contacts);
@@ -357,7 +368,6 @@ public class BuildFromLegacyConfig {
// oa_auth.setUseIFrame(false);
// oa_auth.setUseUTC(oa.getUseUTC());
-
//BKUURLs
BKUURLS bkuurls = new BKUURLS();
bkuurls.setOnlineBKU(oldbkuonline);
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index 33ad5c990..7944a7321 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -79,8 +79,8 @@
</xsd:simpleType>
<xsd:complexType name="StorkAttribute">
<xsd:sequence>
- <xsd:element name="name" type="xsd:string"></xsd:element>
- <xsd:element name="mandatory" type="xsd:boolean"></xsd:element>
+ <xsd:element name="name" type="xsd:string"/>
+ <xsd:element name="mandatory" type="xsd:boolean"/>
</xsd:sequence>
</xsd:complexType>
<xsd:simpleType name="LoginType">
@@ -281,6 +281,9 @@
<xsd:sequence>
<xsd:element name="SAML1" minOccurs="0">
<xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="SourceID" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
<xsd:attribute name="isActive" type="xsd:boolean" default="false"/>
</xsd:complexType>
</xsd:element>
@@ -860,10 +863,10 @@
<xsd:element ref="SAMLSigningParameter"/>
</xsd:sequence>
<xsd:sequence>
- <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0" />
+ <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0"/>
</xsd:sequence>
<xsd:sequence>
- <xsd:element ref="Attributes" maxOccurs="unbounded" minOccurs="0" />
+ <xsd:element ref="Attributes" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:choice>
</xsd:complexType>
@@ -926,15 +929,14 @@
</xsd:sequence>
</xsd:complexType>
</xsd:element>
- <xsd:element name="OA_STORK">
- <xsd:complexType>
+ <xsd:element name="OA_STORK">
+ <xsd:complexType>
<xsd:sequence>
- <xsd:element name="StorkLogonEnabled"
- type="xsd:boolean" />
- <xsd:element ref="Qaa" maxOccurs="1" minOccurs="0"></xsd:element>
- <xsd:element ref="OAAttributes" maxOccurs="unbounded" minOccurs="0"></xsd:element>
+ <xsd:element name="StorkLogonEnabled" type="xsd:boolean"/>
+ <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1"/>
+ <xsd:element ref="OAAttributes" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
- </xsd:complexType>
+ </xsd:complexType>
</xsd:element>
<xsd:element name="Contact">
<xsd:complexType>
@@ -997,17 +999,13 @@
<xsd:element name="OnlyMandateLoginAllowed" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/>
</xsd:sequence>
</xsd:complexType>
-
- <xsd:element name="Attributes" type="StorkAttribute"></xsd:element>
-
- <xsd:element name="Qaa" type="QualityAuthenticationAssuranceLevelType"></xsd:element>
-
- <xsd:complexType name="OAStorkAttribute">
- <xsd:sequence>
- <xsd:element name="mandatory" type="xsd:boolean"></xsd:element>
- <xsd:element name="name" type="xsd:string"></xsd:element>
- </xsd:sequence>
- </xsd:complexType>
-
- <xsd:element name="OAAttributes" type="OAStorkAttribute"></xsd:element>
+ <xsd:element name="Attributes" type="StorkAttribute"/>
+ <xsd:element name="Qaa" type="QualityAuthenticationAssuranceLevelType"/>
+ <xsd:complexType name="OAStorkAttribute">
+ <xsd:sequence>
+ <xsd:element name="mandatory" type="xsd:boolean"/>
+ <xsd:element name="name" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:element name="OAAttributes" type="OAStorkAttribute"/>
</xsd:schema>