aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-29 08:13:34 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-29 08:13:34 +0100
commitbbeef4d494f2af3b60a8093258887e4223dbe5d7 (patch)
treec4395211b8608b4952393b21a849131a8bd6cef2 /id
parentb77f94b81123ddf50ea02fd893254579dc220880 (diff)
downloadmoa-id-spss-bbeef4d494f2af3b60a8093258887e4223dbe5d7.tar.gz
moa-id-spss-bbeef4d494f2af3b60a8093258887e4223dbe5d7.tar.bz2
moa-id-spss-bbeef4d494f2af3b60a8093258887e4223dbe5d7.zip
Fix problem in SAML2 AuthnRequestValidator
Diffstat (limited to 'id')
-rw-r--r--id/history.txt1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java24
3 files changed, 17 insertions, 11 deletions
diff --git a/id/history.txt b/id/history.txt
index c0b12dd1c..8d1495e30 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -8,6 +8,7 @@ Version MOA-ID Release 3.3.0: Änderungen seit Version MOA-ID 3.2.3
- Anpassungen des BKU Auswahl(OnlineBKU entfernt, Detection der lokalen BKU hinzugefügt)
- Anpassungen der Konfigurationsoberfläche (OnlineBKU entfernt)
- Bugfix - Problem mit openSAML welches unsignierte SAML2 AuthnRequests bei Redirect Binding ermöglicht
+ - Bugfix - Nicht spezifikationskonforme Validierung PVP2 AuthnRequest bezüglich NameIDPolicy
- Bugfix - Ungültig kodierter PVP2 Attributwert 'MANDATOR-NATURAL-PERSON-BPK'
- Bugfix - Updates an Endpunten um Cross-Site-Scripting (XSS) zu verhindern
- Code-Cleaning von unbenutzen Methoden und Klassen
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 45539da3f..196aa47af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -373,7 +373,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
//get NameIDFormat from request
AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
- if (authnReq.getNameIDPolicy() != null) {
+ if (authnReq.getNameIDPolicy() != null &&
+ MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
nameIDFormat = authnReq.getNameIDPolicy().getFormat();
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index ab8fab5d1..4ae89466d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -28,6 +28,7 @@ import org.opensaml.saml2.core.NameIDPolicy;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moaspss.logging.Logger;
/**
* @author tlenz
@@ -41,17 +42,20 @@ public class AuthnRequestValidator {
NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
if (nameIDPolicy != null) {
String nameIDFormat = nameIDPolicy.getFormat();
-
- if ( !(nameIDFormat != null &&
- (NameID.TRANSIENT.equals(nameIDFormat) ||
- NameID.PERSISTENT.equals(nameIDFormat) ||
- NameID.UNSPECIFIED.equals(nameIDFormat))) ) {
-
- throw new NameIDFormatNotSupportedException(nameIDFormat);
+ if (nameIDFormat != null) {
+ if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+ NameID.PERSISTENT.equals(nameIDFormat) ||
+ NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
- }
- }
-
+ throw new NameIDFormatNotSupportedException(nameIDFormat);
+
+ }
+
+ } else
+ Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");
+ } else
+ Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
}