aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-10-22 13:03:52 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-10-22 13:03:52 +0200
commitdeebaf058efe2203f0e6844de7cb6b09374cab7c (patch)
treef216e2861c15ef1f0528d6625db8e30bff84ed9b /id/server
parent45a8fe220eabaf060ef42704a2b51104de7f73a8 (diff)
downloadmoa-id-spss-deebaf058efe2203f0e6844de7cb6b09374cab7c.tar.gz
moa-id-spss-deebaf058efe2203f0e6844de7cb6b09374cab7c.tar.bz2
moa-id-spss-deebaf058efe2203f0e6844de7cb6b09374cab7c.zip
add VIDP gateway process-flow to national infrastructure
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java38
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
5 files changed, 47 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index ff294dc3d..68545e1c2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -100,6 +100,7 @@ public class SSOManager {
if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+ return;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 3bd827667..95597e0ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -22,7 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.stork2;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -38,6 +37,7 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -67,14 +67,11 @@ public class AuthenticationRequest implements IAction {
private VelocityEngine velocityEngine;
- private IAuthData authData = null;
private MOASTORKRequest moaStorkRequest = null;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
- this.authData = authData;
-
if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) {
this.moaStorkRequest = (MOASTORKRequest) req;
@@ -111,7 +108,10 @@ public class AuthenticationRequest implements IAction {
// }
// Get personal attributtes from MOA/IdentityLink
- moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam));
+
+ //build STORK attributes from local authentication information
+ if (authData != null)
+ moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam));
}
//moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());
@@ -390,6 +390,10 @@ public class AuthenticationRequest implements IAction {
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ //redirect to national PVP IDP infrastructure if special attributes are requested
+ if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest)
+ return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req);
+
// // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
// if (req instanceof MOASTORKRequest) {
// MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
@@ -444,7 +448,7 @@ public class AuthenticationRequest implements IAction {
}
- public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) {
+ public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) {
IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList();
Logger.info("Found " + attrLst.size() + " personal attributes in the request.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 440121417..57531992d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -23,11 +23,15 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
@@ -145,20 +149,23 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
STORKAuthnRequest authnRequest = null;
STORKAttrQueryRequest attrRequest = null;
-
-
+
// check if valid authn request is contained
try {
authnRequest = engine.validateSTORKAuthnRequest(decSamlToken);
+
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+
} catch (ClassCastException e) {
// we do not have a authnRequest
// check if a valid attr request is container
try {
attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken);
+
} catch (STORKSAMLEngineException ex) {
Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage());
+
}
}
@@ -176,11 +183,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
Logger.error("Exception, attributes: " + e.getMessage());
}
-
STORK2Request.setSTORKAuthnRequest(authnRequest);
STORK2Request.setSTORKAttrRequest(attrRequest);
-
-
+
+ //check if OA is instance of VIDP or STORKPVPGateway
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()});
+
+ else {
+ if (oaParam.isSTORKPVPGateway()) {
+ if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) {
+ Logger.info("Received request for STORK->PVP gateway. " +
+ "Forward to PVP portal with entiyID " + oaParam.getSTORKPVPForwardEntity() +
+ " ..." );
+ STORK2Request.setRequestedIDP(oaParam.getSTORKPVPForwardEntity());
+
+ } else {
+ Logger.error("InterfederatedGateway configuration with ID " + STORK2Request.getOAURL() +
+ " not configure a forward entityID.");
+ throw new MOAIDException("", null);
+
+ }
+ }
+
+ }
+
return STORK2Request;
} else {
throw new MOAIDException("stork.14", null); // TODO Specify message
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9bfa14a7c..361c6b5ee 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -72,7 +72,8 @@ config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
-config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
+config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
+config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 3f9cf2f1d..085625972 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -52,6 +52,7 @@ config.18=9199
config.19=9199
config.20=9199
config.21=9006
+config.22=9008
parser.00=1101
parser.01=1101