diff options
author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-02-26 19:28:55 +0100 |
---|---|---|
committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-02-26 19:28:55 +0100 |
commit | 27b4ca05aeac39b0a180a13e44ed354e80fb47dd (patch) | |
tree | 4c97ea94af196723e18c80f544a796d4b39b6b16 /id | |
parent | 11e26b97a643704f17f34e7424269325ed51472d (diff) | |
download | moa-id-spss-27b4ca05aeac39b0a180a13e44ed354e80fb47dd.tar.gz moa-id-spss-27b4ca05aeac39b0a180a13e44ed354e80fb47dd.tar.bz2 moa-id-spss-27b4ca05aeac39b0a180a13e44ed354e80fb47dd.zip |
attribute collector
Diffstat (limited to 'id')
4 files changed, 133 insertions, 8 deletions
diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml index e6a29ea18..75245d8f0 100644 --- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml +++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml @@ -33,5 +33,21 @@ </configuration> </instance> + <instance name="VIDP"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" /> + </configuration> + + <!-- Settings module signature--> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_incoming.xml" /> + </configuration> + </instance> + + </instances> diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml new file mode 100644 index 000000000..fb786529a --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml @@ -0,0 +1,93 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + + <!-- + Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + + + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + <entry key="eIDSectorShare">true</entry> + <entry key="eIDCrossSectorShare">true</entry> + <entry key="eIDCrossBorderShare">true</entry> + --> + + + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="isRequired">true</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry> + + <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry> + <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry> + <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry> + <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry> + <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry> + <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> + +</properties> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index bc5a0c0c6..57c68e94c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -69,6 +69,7 @@ public class AttributeCollector implements IAction { } catch (UnsupportedAttributeException e1) { // the current provider cannot find anything familiar within the // provided httpreq. Try the next one. + // TODO check the loop } if (null == newAttributes) { @@ -89,6 +90,8 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } + + // - insert the embedded attribute(s) into the container for (PersonalAttribute current : newAttributes) container.getResponse().getPersonalAttributeList().add(current); @@ -117,6 +120,7 @@ public class AttributeCollector implements IAction { if (!responseAttributeList.containsKey(current)) missingAttributes.add(current); + // Try to get all missing attributes try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { @@ -138,6 +142,16 @@ public class AttributeCollector implements IAction { } } + + // build response + generateSTORKResponse(); + + // set new http response + generateRedirectResponse(); + response = httpResp; + + return "12345"; // AssertionId + } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. try { @@ -145,6 +159,13 @@ public class AttributeCollector implements IAction { // - generate new key String newArtifactId = new SecureRandomIdentifierGenerator() .generateIdentifier(); + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + // add container-key to redirect embedded within the return URL + e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); + + } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); @@ -154,14 +175,7 @@ public class AttributeCollector implements IAction { return "12345"; // TODO what to do here? } - // build response - generateSTORKResponse(); - - // set new http response - generateRedirectResponse(); - response = httpResp; - return "12345"; // AssertionId } @@ -171,7 +185,7 @@ public class AttributeCollector implements IAction { try { //Get SAMLEngine instance - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("vidp"); + STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); Logger.debug("Starting generation of SAML response"); authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index b3f009ae2..d4996c26a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -105,6 +105,8 @@ public class AuthenticationRequest implements IAction { // - memorize the target url were we have to return the result container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + container.setRemoteAddress(httpReq.getRemoteAddr()); + Logger.debug("Data container prepared"); |