aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-24 17:13:31 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-24 17:13:31 +0200
commitcfb70f755c45a2cad582e8030b1542add9949efb (patch)
tree039123854ab630f81dd2387d0f7636056e9e304a /id
parent71da4a9bc7e2ff79b2fb4cf8903d15fd75372859 (diff)
downloadmoa-id-spss-cfb70f755c45a2cad582e8030b1542add9949efb.tar.gz
moa-id-spss-cfb70f755c45a2cad582e8030b1542add9949efb.tar.bz2
moa-id-spss-cfb70f755c45a2cad582e8030b1542add9949efb.zip
- SSO finalized
- SSO Session is not closed if a new single authentication operation is started - PVP2 Configuration from Database (but without Metadata) --> TODO: change MetaDataProvider - Add additional UserFrame in case of SSO - MOASession encryption TODO: MetaDataProvider, IdentityLink resign, SSO with Mandates, Legacy Template generation
Diffstat (limited to 'id')
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml11
-rw-r--r--id/server/auth/src/main/webapp/css/index.css88
-rw-r--r--id/server/auth/src/main/webapp/template_onlineBKU.html1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java96
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java125
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java139
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java173
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java33
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html (renamed from id/server/idserverlib/src/main/resources/resources/templates/loginForm.html)42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html260
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html104
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html42
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd47
43 files changed, 1643 insertions, 370 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index ce410e769..e47fe26e2 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -19,7 +19,12 @@
<servlet-name>RedirectServlet</servlet-name>
<display-name>RedirectServlet</display-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
- </servlet>
+ </servlet>
+ <servlet>
+ <servlet-name>SSOSendAssertionServlet</servlet-name>
+ <display-name>SSOSendAssertionServlet</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
+ </servlet>
<servlet>
<servlet-name>LogOut</servlet-name>
<display-name>LogOut</display-name>
@@ -147,6 +152,10 @@
<servlet-mapping>
<servlet-name>RedirectServlet</servlet-name>
<url-pattern>/RedirectServlet</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>SSOSendAssertionServlet</servlet-name>
+ <url-pattern>/SSOSendAssertionServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LogOut</servlet-name>
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index ba6938f9a..2af88f24a 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -85,16 +85,92 @@ p#skiplinks a:active {
float:left;
width:250px;
margin-bottom: 25px;
-
+}
+
+.iframebkuselection {
+ text-align: center;
+ padding-bottom: 25px;
+ background-color : #DDDDDD;
}
h2#tabheader, h2#contentheader {
- padding:2px;
+ padding-bottom: 2px;
+ padding-right: 2px;
+ padding-top: 2px;
+ padding-left: 5px;
font-size:1.1em;
color:#fff;
border-bottom:2px solid #fff;
}
+h2#tabheader.full {
+ padding:5px;
+ font-size:20px;
+ color:#fff;
+ border-bottom:2px solid #fff;
+}
+
+#selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+}
+
+#selectArea.full {
+ font-size: 15px;
+ padding-bottom: 65px;
+}
+
+#leftcontent.full {
+ width: 400px;
+ margin-top: 30px;
+}
+
+#main.full {
+ margin-left: 35%;
+}
+
+.setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+}
+
+.setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 100px;
+ height: 30px
+}
+
+#leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+}
+
+#rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+}
+
+#leftbutton.full {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+}
+
+#rightbutton.full {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+}
#stork {
margin-bottom: 10px;
@@ -149,6 +225,14 @@ input {
padding:4px;
}
+.selectText{
+
+}
+
+.selectTextHeader{
+
+}
+
.sendButton {
background-color: DarkGray;
border-style: solid;
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index b8cd19866..77f7d076a 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -23,6 +23,7 @@
<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
+ <input type="hidden" name="redirectTarget" value="_top">
</form>
<form name="CustomizedInfoForm" action="<BKU>" method="post">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a127dc6b5..f1c15e83b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2575,16 +2575,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("Issuer value: " + issuerValue);
- QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
+ QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
//Logger.debug("QAALevel: " + qaaLevel.getValue());
RequestedAttributes requestedAttributes = null;
- //TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes();
+ requestedAttributes = oaParam.getRequestedAttributes();
requestedAttributes.detach();
List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>();
List<RequestedAttribute> oaReqAttributeList = null;
- //TODO UNCOMMENT AGAIN !! oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+ oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes());
+
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 5f100d5fe..9ba11bebd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -1,17 +1,26 @@
package at.gv.egovernment.moa.id.auth.builder;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.StringWriter;
+import java.net.URI;
import org.apache.commons.io.IOUtils;
import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.logging.Logger;
public class LoginFormBuilder {
+
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+ private static final String HTMLTEMPLATEFULL = "loginFormFull.html";
+ private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html";
private static String AUTH_URL = "#AUTH_URL#";
private static String MODUL = "#MODUL#";
@@ -24,16 +33,41 @@ public class LoginFormBuilder {
private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
- private static String template;
-
- private static String getTemplate() {
+ private static String getTemplate(boolean isIFrame) {
- if (template == null) {
+ String template = null;
+
try {
- String classpathLocation = "resources/templates/loginForm.html";
- InputStream input = Thread.currentThread()
- .getContextClassLoader()
- .getResourceAsStream(classpathLocation);
+ String pathLocation;
+
+ InputStream input;
+
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
+ if (isIFrame)
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ if (isIFrame)
+ pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer);
template = writer.toString();
@@ -41,16 +75,17 @@ public class LoginFormBuilder {
template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
+
+ input.close();
+
} catch (Exception e) {
Logger.error("Failed to read template", e);
}
- }
-
- return template;
+ return template;
}
- public static String buildLoginForm(String modul, String action, String oaname, String contextpath) {
- String value = getTemplate();
+ public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) {
+ String value = getTemplate(isIFrame);
if(value != null) {
if(modul == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
new file mode 100644
index 000000000..a72848832
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -0,0 +1,96 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URI;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SendAssertionFormBuilder {
+
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+ private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html";
+ private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html";
+
+ private static String URL = "#URL#";
+ private static String MODUL = "#MODUL#";
+ private static String ACTION = "#ACTION#";
+ private static String OANAME = "#OAName#";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+
+ private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
+
+ private static String getTemplate(boolean isIFrame) {
+
+ String template = null;
+
+ try {
+ String pathLocation;
+ InputStream input;
+
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
+ if (isIFrame)
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+
+ if (isIFrame)
+ pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
+ else
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ template = template.replace(URL, SERVLET);
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+
+ return template;
+ }
+
+ public static String buildForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) {
+ String value = getTemplate(isIFrame);
+
+ if(value != null) {
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ value = value.replace(MODUL, modul);
+ value = value.replace(ACTION, action);
+ value = value.replace(OANAME, oaname);
+ value = value.replace(CONTEXTPATH, contextpath);
+ }
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 94a41a21f..e6de2ce02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -1103,7 +1103,7 @@ public class AuthenticationSession implements Serializable {
* @return the ssoRequested
*/
- //TODO: SSO only allowed without mandates, actually
+ //TODO: SSO only allowed without mandates, actually!!!!!!
public boolean isSsoRequested() {
return ssoRequested && !useMandate;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 3f82c2a4c..c9a10b812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -36,7 +36,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
String targetFriendlyName = null;
- String sso = req.getParameter(PARAM_SSO);
+// String sso = req.getParameter(PARAM_SSO);
// escape parameter strings
//TODO: use URLEncoder.encode!!
@@ -46,17 +46,20 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
templateURL = StringEscapeUtils.escapeHtml(templateURL);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
ccc = StringEscapeUtils.escapeHtml(ccc);
- sso = StringEscapeUtils.escapeHtml(sso);
+// sso = StringEscapeUtils.escapeHtml(sso);
// check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+
+ //pvp2.x can use general identifier (equals oaURL in SAML1)
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
- if (!ParamValidatorUtils.isValidUseMandate(sso))
- throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
+// if (!ParamValidatorUtils.isValidUseMandate(sso))
+// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
//check UseMandate flag
String useMandateString = null;
@@ -74,22 +77,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setUseMandate(useMandateString);
-
- //check useSSO flag
- String useSSOString = null;
- boolean useSSOBoolean = false;
- if ((sso != null) && (sso.compareTo("") != 0)) {
- useSSOString = sso;
- } else {
- useSSOString = "false";
- }
-
- if (useSSOString.compareToIgnoreCase("true") == 0)
- useSSOBoolean = true;
- else
- useSSOBoolean = false;
- moasession.setSsoRequested(useSSOBoolean);
-
+
//load OnlineApplication configuration
OAAuthParameter oaParam;
if (moasession.getPublicOAURLPrefix() != null) {
@@ -128,6 +116,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
}
+// //check useSSO flag
+// String useSSOString = null;
+// boolean useSSOBoolean = false;
+// if ((sso != null) && (sso.compareTo("") != 0)) {
+// useSSOString = sso;
+// } else {
+// useSSOString = "false";
+// }
+ //
+// if (useSSOString.compareToIgnoreCase("true") == 0)
+// useSSOBoolean = true;
+// else
+// useSSOBoolean = false;
+
+ //moasession.setSsoRequested(useSSOBoolean);
+ moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
+
//Validate BKU URI
if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 571d4e738..caf2e4490 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -92,7 +92,9 @@ public class LogOutServlet extends AuthServlet {
//delete SSO session and MOA session
AuthenticationManager authmanager = AuthenticationManager.getInstance();
- authmanager.logout(req, resp);
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+
+ authmanager.logout(req, resp, moasessionid);
Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
} else {
Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
new file mode 100644
index 000000000..ecbd87498
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -0,0 +1,125 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+
+
+public class SSOSendAssertionServlet extends AuthServlet{
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String PARAM = "value";
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + SSOSendAssertionServlet.class + " Request");
+ try {
+
+ String value = req.getParameter(PARAM);
+ value = StringEscapeUtils.escapeHtml(value);
+ if (!ParamValidatorUtils.isValidUseMandate(value))
+ throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
+
+
+ SSOManager ssomanager = SSOManager.getInstance();
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+
+ String moaSessionID = null;
+
+ if (isValidSSOSession) {
+
+
+ //check UseMandate flag
+ String valueString = null;;
+ if ((value != null) && (value.compareTo("") != 0)) {
+ valueString = value;
+ } else {
+ valueString = "false";
+ }
+
+ if (valueString.compareToIgnoreCase("true") == 0) {
+ moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+ AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
+
+ HttpSession httpSession = req.getSession();
+ IRequest protocolRequest = RequestStorage.getPendingRequest(httpSession);
+
+ if (protocolRequest == null)
+ throw new AuthenticationException("auth.21", new Object[] {});
+
+ String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
+ ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction()), "");
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ }
+
+ else {
+ throw new AuthenticationException("auth.21", new Object[] {});
+ }
+
+ } else {
+ handleError("SSO Session is not valid", null, req, resp);
+ }
+
+
+ } catch (MOADatabaseException e) {
+ handleError("SSO Session is not found", e, req, resp);
+ } catch (WrongParametersException e) {
+ handleError("Parameter is not valid", e, req, resp);
+ } catch (AuthenticationException e) {
+ handleError(e.getMessage(), e, req, resp);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 713fd538e..ffcb85044 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -24,6 +24,7 @@
package at.gv.egovernment.moa.id.config.auth;
+import iaik.security.cipher.AESKeyGenerator;
import iaik.util.logging.Log;
import java.io.File;
@@ -31,11 +32,16 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Properties;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -56,6 +62,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
@@ -152,7 +159,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
private static Properties props;
private static STORKConfig storkconfig;
-
+
/**
* Return the single instance of configuration data.
*
@@ -288,6 +295,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
String legacyconfig = props.getProperty("configuration.xml.legacy");
String xmlconfig = props.getProperty("configuration.xml");
+ String xmlconfigout = props.getProperty("configuration.xml.out");
+
//check if XML config should be used
if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
@@ -301,23 +310,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
if (MiscUtil.isNotEmpty(legacyconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
- MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(legacyconfig, rootConfigFileDir);
+ MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(legacyconfig, rootConfigFileDir, props);
ConfigurationDBUtils.save(moaconfig);
Logger.info("Legacy Configuration load is completed.");
- //TODO: only for Testing!!!
- if (MiscUtil.isNotEmpty(xmlconfig)) {
- Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
- JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
- Marshaller m = jc.createMarshaller();
- m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
- File test = new File(xmlconfig);
- m.marshal(moaconfig, test);
-
- }
+
}
- //load legacy config if it is configured
+ //load MOA-ID 2.x config from XML
if (MiscUtil.isNotEmpty(xmlconfig)) {
Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
@@ -330,7 +330,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
ConfigurationDBUtils.saveOrUpdate(moaconfig);
} catch (Exception e) {
- Log.err("MOA-ID XML configuration can not be loaded from File.");
+ Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
throw new ConfigurationException("config.02", null);
}
Logger.info("XML Configuration load is completed.");
@@ -341,6 +341,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.info("MOA-ID 2.0 is loaded.");
+ //TODO: only for Testing!!!
+ if (MiscUtil.isNotEmpty(xmlconfigout)) {
+ Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ Marshaller m = jc.createMarshaller();
+ m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+ File test = new File(xmlconfigout);
+ m.marshal(moaidconfig, test);
+
+ }
+
//build STORK Config
AuthComponentGeneral authgeneral = getAuthComponentGeneral();
ForeignIdentities foreign = authgeneral.getForeignIdentities();
@@ -348,7 +359,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
throw new ConfigurationException("config.02", null);
}
- storkconfig = new STORKConfig(foreign.getSTORK(), props);
+ storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
//load Chaining modes
@@ -383,6 +394,37 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
}
+
+ public Properties getGeneralPVP2ProperiesConfig() {
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "protocols.pvp2.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ return configProp;
+ }
+
+
+ public PVP2 getGeneralPVP2DBConfig() {
+
+ try {
+ AuthComponentGeneral auth = getAuthComponentGeneral();
+ Protocols protocols = auth.getProtocols();
+ if (protocols != null) {
+ return protocols.getPVP2();
+ }
+ Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
+ return null;
+
+ } catch (ConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. No general AuthComponent configuration found.");
+ return null;
+ }
+ }
+
public TimeOuts getTimeOuts() throws ConfigurationException {
AuthComponentGeneral auth = getAuthComponentGeneral();
@@ -708,6 +750,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return new String();
}
+ public String getMOASessionEncryptionKey() {
+
+ String prop = props.getProperty("configuration.moasession.key");
+
+ if (MiscUtil.isEmpty(prop))
+ return null;
+ else
+ return prop;
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 32c609e81..19a006982 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -222,6 +222,15 @@ public List<String> getTransformsInfos() {
return false;
}
+ public boolean useSSOWithoutQuestion() {
+ OASSO sso = oa_auth.getOASSO();
+ if (sso != null)
+ return sso.isAuthDataFrame();
+ else
+ return false;
+
+ }
+
public String getSingleLogOutURL() {
OASSO sso = oa_auth.getOASSO();
if (sso != null)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 4ee9986ff..61f0f7e90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -1,8 +1,10 @@
package at.gv.egovernment.moa.id.config.legacy;
import iaik.util.logging.Log;
+import iaik.x509.X509Certificate;
import java.io.BufferedInputStream;
+import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -12,6 +14,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
+import java.util.Properties;
import java.util.Set;
import org.opensaml.saml2.metadata.RequestedAttribute;
@@ -78,7 +81,7 @@ public class BuildFromLegacyConfig {
private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
- public static MOAIDConfiguration build(String fileName, String rootConfigFileDir) throws ConfigurationException {
+ public static MOAIDConfiguration build(String fileName, String rootConfigFileDir, Properties properies) throws ConfigurationException {
InputStream stream = null;
Element configElem;
ConfigurationBuilder builder;
@@ -167,6 +170,7 @@ public class BuildFromLegacyConfig {
PVP2 prot_pvp2 = new PVP2();
auth_protocols.setPVP2(prot_pvp2);
prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
+ prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP");
Organization pvp2_org = new Organization();
prot_pvp2.setOrganization(pvp2_org);
@@ -174,15 +178,25 @@ public class BuildFromLegacyConfig {
pvp2_org.setName("OrganisatioName");
pvp2_org.setURL("http://www.egiz.gv.at");
+ List<Contact> pvp2_contacts = new ArrayList<Contact>();
+ prot_pvp2.setContact(pvp2_contacts);
+
Contact pvp2_contact = new Contact();
- prot_pvp2.setContact(pvp2_contact);
pvp2_contact.setCompany("OrganisationDisplayName");
pvp2_contact.setGivenName("Max");
- pvp2_contact.setMail("max@muster.mann");
- pvp2_contact.setPhone("01 5555 5555");
+
+
+ List<String> mails = new ArrayList<String>();
+ pvp2_contact.setMail(mails);
+ mails.add("max@muster.mann");
+
+ List<String> phones = new ArrayList<String>();
+ pvp2_contact.setPhone(phones);
+ phones.add("01 5555 5555");
+
pvp2_contact.setSurName("Mustermann");
pvp2_contact.setType("technical");
-
+ pvp2_contacts.add(pvp2_contact);
//SSO
SSO auth_sso = new SSO();
@@ -414,7 +428,19 @@ public class BuildFromLegacyConfig {
OAPVP2 oa_pvp2 = new OAPVP2();
oa_auth.setOAPVP2(oa_pvp2);
oa_pvp2.setMetadataURL("TODO!!!");
- oa_pvp2.setCertificate("TODO!!!".getBytes());
+
+ //TODO: is only a workaround!!!!
+ Properties props = getGeneralPVP2ProperiesConfig(properies);
+ File dir = new File(props.getProperty("idp.truststore"));
+ File[] files = dir.listFiles();
+ if (files.length > 0) {
+ FileInputStream filestream = new FileInputStream(files[0]);
+ X509Certificate signerCertificate = new X509Certificate(filestream);
+ oa_pvp2.setCertificate(signerCertificate.getEncoded());
+
+ } else {
+ oa_pvp2.setCertificate(null);
+ }
moa_oas.add(moa_oa);
}
@@ -494,4 +520,16 @@ public class BuildFromLegacyConfig {
// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore);
return auth_moaSP_connection;
}
+
+ private static Properties getGeneralPVP2ProperiesConfig(Properties props) {
+ Properties configProp = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "protocols.pvp2.";
+ if (key.toString().startsWith(propPrefix)) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ configProp.put(propertyName, props.get(key.toString()));
+ }
+ }
+ return configProp;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 4b4364555..82c9a92da 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -43,9 +43,11 @@ public class STORKConfig {
private STORK stork;
private Properties props;
private Map<String, CPEPS> cpepsMap;
+ private String basedirectory;
- public STORKConfig(STORK stork, Properties props) {
+ public STORKConfig(STORK stork, Properties props, String basedirectory) {
this.stork = stork;
+ this.basedirectory = basedirectory;
this.props = props;
//create CPEPS map
@@ -92,7 +94,7 @@ public class STORKConfig {
public SignatureCreationParameter getSignatureCreationParameter() {
- return new SignatureCreationParameter(props);
+ return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
index ee4fc1e20..4010ab491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -40,9 +40,11 @@ public class SignatureCreationParameter {
private static final String PROPS_KEYNAME_PASS = "keyname.password";
private Properties props;
+ private String basedirectory;
- SignatureCreationParameter(Properties props) {
+ SignatureCreationParameter(Properties props, String basedirectory) {
this.props = props;
+ this.basedirectory = basedirectory;
}
/**
@@ -50,7 +52,7 @@ public class SignatureCreationParameter {
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
+ return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 22f4a00ad..e995a1c2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
public class DispatcherServlet extends AuthServlet{
@@ -80,6 +81,10 @@ public class DispatcherServlet extends AuthServlet{
IRequest errorRequest = RequestStorage
.getPendingRequest(req.getSession());
+
+ //remove the
+ RequestStorage.removePendingRequest(req.getSession());
+
if (errorRequest != null) {
try {
IModulInfo handlingModule = ModulStorage
@@ -204,7 +209,7 @@ public class DispatcherServlet extends AuthServlet{
.getOnlineApplicationParameter(protocolRequest.getOAURL());
if (oaParam == null) {
//TODO: Find a better place for this!!
- req.getSession().invalidate();
+ //req.getSession().invalidate();
throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
}
@@ -235,31 +240,32 @@ public class DispatcherServlet extends AuthServlet{
isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
useSSOOA = oaParam.useSSO();
+ //if a legacy request is used SSO should not be allowed, actually
+ boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
+
if (protocolRequest.isPassiv()
&& protocolRequest.forceAuth()) {
// conflict!
throw new NoPassivAuthenticationException();
}
-
- if (protocolRequest.forceAuth()) {
- if (!authmanager.tryPerformAuthentication(
- req, resp)) {
+
+ boolean tryperform = authmanager.tryPerformAuthentication(
+ req, resp);
+
+ if (protocolRequest.forceAuth()) {
+ if (!tryperform) {
authmanager.doAuthentication(req, resp,
protocolRequest);
return;
}
} else if (protocolRequest.isPassiv()) {
- if (authmanager.tryPerformAuthentication(req,
- resp)
- || (isValidSSOSession && useSSOOA) ) {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
// Passive authentication ok!
} else {
throw new NoPassivAuthenticationException();
}
} else {
- if (authmanager.tryPerformAuthentication(req,
- resp)
- || (isValidSSOSession && useSSOOA) ) {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
// Is authenticated .. proceed
} else {
// Start authentication!
@@ -268,21 +274,32 @@ public class DispatcherServlet extends AuthServlet{
return;
}
}
+
}
-
- moduleAction.processRequest(protocolRequest, req, resp);
- RequestStorage.removePendingRequest(httpSession);
+ String moasessionID = null;
+ AuthenticationSession moasession = null;
- String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
- AuthenticationManager.MOA_SESSION, null);
-
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-
- if ((useSSOOA || isValidSSOSession)
- && moasession.isSsoRequested()
- && !moasession.getUseMandate()) //TODO: SSO with mandates requires an OVS extension
+ if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
{
+
+ //TODO SSO Question!!!!
+ if (useSSOOA && isValidSSOSession) {
+
+ moasessionID = ssomanager.getMOASession(ssoId);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ //use new OAParameter
+ if (!oaParam.useSSOWithoutQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+ authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+ return;
+ }
+ }
+ else {
+ moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
//save SSO session usage in Database
String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
@@ -295,7 +312,23 @@ public class DispatcherServlet extends AuthServlet{
}
} else {
- authmanager.logout(req, resp);
+ moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
+
+ moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ RequestStorage.removePendingRequest(httpSession);
+
+ boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+
+ if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
+ && !moasession.getUseMandate())
+ {
+
+ } else {
+ authmanager.logout(req, resp, moasessionID);
}
ConfigurationDBUtils.closeSession();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 4ec734c41..b6742fb9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -10,14 +10,17 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -119,33 +122,40 @@ public class AuthenticationManager extends AuthServlet {
try {
authSession = AuthenticationSessionStoreage.getSession(sessionID);
- } catch (MOADatabaseException e) {
- return false;
- }
+
- if (authSession != null) {
- Logger.info("MOASession found! A: "
- + authSession.isAuthenticated() + ", AU "
- + authSession.isAuthenticatedUsed());
- if (authSession.isAuthenticated()
- && !authSession.isAuthenticatedUsed()) {
- authSession.setAuthenticatedUsed(true);
- HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
- sessionID);
- return true; // got authenticated
+ if (authSession != null) {
+ Logger.info("MOASession found! A: "
+ + authSession.isAuthenticated() + ", AU "
+ + authSession.isAuthenticatedUsed());
+ if (authSession.isAuthenticated()
+ && !authSession.isAuthenticatedUsed()) {
+ authSession.setAuthenticatedUsed(true);
+
+ AuthenticationSessionStoreage.storeSession(authSession);
+
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
+ sessionID);
+ return true; // got authenticated
+ }
}
+
+ } catch (MOADatabaseException e) {
+ return false;
+ } catch (BuildException e) {
+ return false;
}
}
return false;
}
public void logout(HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response, String moaSessionID) {
Logger.info("Logout");
HttpSession session = request.getSession();
- String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+ //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
if(moaSessionID == null) {
moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
@@ -171,7 +181,7 @@ public class AuthenticationManager extends AuthServlet {
AuthenticationSessionStoreage.destroySession(moaSessionID);
- session.invalidate();
+ //session.invalidate();
} catch (MOADatabaseException e) {
Logger.info("NO MOA Authentication data for ID " + moaSessionID);
@@ -185,14 +195,14 @@ public class AuthenticationManager extends AuthServlet {
throws ServletException, IOException, MOAIDException {
Logger.info("Starting authentication ...");
- if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
-
- if (target.getOAURL() == null) {
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
- }
+// if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.12");
+//
+// if (target.getOAURL() == null) {
+// throw new WrongParametersException("StartAuthentication", PARAM_OA,
+// "auth.12");
+// }
setNoCachingHeadersInHttpRespone(request, response);
@@ -205,12 +215,19 @@ public class AuthenticationManager extends AuthServlet {
boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
AuthenticationSession moasession;
+ try {
+ //check if an MOASession exists and if not create an new MOASession
+ //moasession = getORCreateMOASession(request);
+ moasession = AuthenticationSessionStoreage.createSession();
+
+ } catch (MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession can not be created!");
+ throw new MOAIDException("init.04", new Object[] {});
+ }
+
if (legacyallowed && legacyparamavail) {
- //check if an MOASession exists and if not create an new MOASession
- moasession = getORCreateMOASession(request);
-
//parse request parameter into MOASession
StartAuthentificationParameterParser.parse(request, response, moasession);
@@ -255,7 +272,7 @@ public class AuthenticationManager extends AuthServlet {
else {
//check if an MOASession exists and if not create an new MOASession
- moasession = getORCreateMOASession(request);
+ //moasession = getORCreateMOASession(request);
//set OnlineApplication configuration in Session
moasession.setOAURLRequested(target.getOAURL());
@@ -264,8 +281,10 @@ public class AuthenticationManager extends AuthServlet {
}
//Build authentication form
+
+
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath());
+ target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
//store MOASession
try {
@@ -286,29 +305,43 @@ public class AuthenticationManager extends AuthServlet {
}
}
- private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+ public void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
+ throws ServletException, IOException, MOAIDException {
- //String sessionID = request.getParameter(PARAM_SESSIONID);
- String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
- AuthenticationSession moasession;
-
- try {
- moasession = AuthenticationSessionStoreage.getSession(sessionID);
- Logger.info("Found existing MOASession with sessionID=" + sessionID
- + ". This session is used for reauthentification.");
-
- } catch (MOADatabaseException e) {
- try {
- moasession = AuthenticationSessionStoreage.createSession();
- Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");
-
- } catch (MOADatabaseException e1) {
- Logger.error("Database Error! MOASession are not created.");
- throw new MOAIDException("init.04", new Object[] {
- "0"});
- }
- }
-
- return moasession;
- }
+ String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+ target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
+ }
+
+
+// private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+//
+// //String sessionID = request.getParameter(PARAM_SESSIONID);
+// String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
+// AuthenticationSession moasession;
+//
+// try {
+// moasession = AuthenticationSessionStoreage.getSession(sessionID);
+// Logger.info("Found existing MOASession with sessionID=" + sessionID
+// + ". This session is used for reauthentification.");
+//
+// } catch (MOADatabaseException e) {
+// try {
+// moasession = AuthenticationSessionStoreage.createSession();
+// Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + ".");
+//
+// } catch (MOADatabaseException e1) {
+// Logger.error("Database Error! MOASession are not created.");
+// throw new MOAIDException("init.04", new Object[] {
+// "0"});
+// }
+// }
+//
+// return moasession;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index 6630693a6..aa8a8d9a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -5,9 +5,10 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
public interface IAction extends MOAIDAuthConstants {
- public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 84817ba7a..82273da83 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -61,10 +61,15 @@ public class SSOManager {
String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
AuthenticationManager.MOA_SESSION, null);
+
return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId);
}
+ public String getMOASession(String ssoSessionID) {
+ return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ }
+
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
@@ -136,23 +141,14 @@ public class SSOManager {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (cookie.getName().equals(SSOCOOKIE)) {
- cookie.setValue(ssoId);
- cookie.setMaxAge(sso_timeout);
- cookie.setSecure(true);
- httpResp.addCookie(cookie);
- return;
- }
- }
-
+ deleteSSOSessionID(httpReq, httpResp);
}
+
Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
cookie.setMaxAge(sso_timeout);
cookie.setSecure(true);
- httpResp.addCookie(cookie);
- return;
-
+ cookie.setPath(httpReq.getContextPath());
+ httpResp.addCookie(cookie);
}
@@ -165,7 +161,7 @@ public class SSOManager {
//TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox)
//if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
-
+
if (cookie.getName().equals(SSOCOOKIE)) {
return cookie.getValue();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 17f1b631b..59a5158bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -4,6 +4,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
@@ -11,10 +12,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
public void processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp) throws MOAIDException {
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+
System.out.println("Process PVP2 auth request!");
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp);
+ RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 59eaa90b1..9fc213a48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -44,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
public void processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp) throws MOAIDException {
+ HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
try {
EntitiesDescriptor idpEntitiesDescriptor =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 790c42348..a63276d6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -179,18 +179,22 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
//TODO: maybe change to getEntityID()
- String oaURL = consumerService.getLocation();
+ //String oaURL = consumerService.getLocation();
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
String binding = consumerService.getBinding();
String entityID = moaRequest.getEntityMetadata().getEntityID();
//String oaURL = (String) request.getParameter(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.12");
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+
config.setOAURL(oaURL);
config.setBinding(binding);
config.setRequest(moaRequest);
+
+ //TODO: set correct target;
config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
String useMandate = request.getParameter(PARAM_USEMANDATE);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 657f974f8..4fb76c377 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -5,6 +5,7 @@ import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Constants;
public class BPKAttributeBuilder extends BaseAttributeBuilder {
@@ -14,12 +15,18 @@ public class BPKAttributeBuilder extends BaseAttributeBuilder {
public Attribute build(AuthenticationSession authSession,
OAAuthParameter oaParam, AuthenticationData authData) {
- // TODO: authSession + oaParam => authData
- String bpk = ""; //authSession.getAssertionAuthData().getIdentificationValue();
+ String bpk = authData.getBPK();
+ String type = authData.getBPKType();
+
+ if (type.startsWith(Constants.URN_PREFIX_WBPK))
+ type = type.substring((Constants.URN_PREFIX_WBPK+"+").length());
+ else if (type.startsWith(Constants.URN_PREFIX_CDID))
+ type = type.substring((Constants.URN_PREFIX_CDID+"+").length());
+
if(bpk.length() > BPK_MAX_LENGTH) {
bpk = bpk.substring(0, BPK_MAX_LENGTH);
}
- return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, bpk);
+ return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 9b6884993..8cb2b5be6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -13,10 +13,10 @@ public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
}
public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
- // TODO: authSession + oaParam => authData
+ OAAuthParameter oaParam, AuthenticationData authData) {
+ String bpktype = authData.getBPKType();
return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- EID_SECTOR_FOR_IDENTIFIER_NAME, ""/*authSession.getAssertionAuthData().getIdentificationType()*/);
+ EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
}
public Attribute buildEmpty() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index c8059b2f9..7682566f2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -1,7 +1,10 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+import iaik.x509.X509Certificate;
+
import java.io.File;
import java.io.FileInputStream;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -21,12 +24,19 @@ import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SurName;
import org.opensaml.saml2.metadata.TelephoneNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
public class PVPConfiguration {
+
private static PVPConfiguration instance;
public static PVPConfiguration getInstance() {
@@ -71,26 +81,21 @@ public class PVPConfiguration {
public static final String IDP_CONTACT_COMPANY = "company";
public static final String IDP_CONTACT_PHONE = "phone";
- Properties props = new Properties();
-
+ PVP2 generalpvpconfigdb;
+ Properties props;
+
private PVPConfiguration() {
- try {
- String fileName = System
- .getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
- String pathName = (new File(fileName)).getParent();
- String configFile = pathName + "/" + PVP_CONFIG_FILE;
-
- Logger.info("PVP Config file " + configFile);
- FileInputStream is = new FileInputStream(configFile);
- props.load(is);
- is.close();
- } catch (Exception e) {
+ try {
+ generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
+ props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
+
+ } catch (ConfigurationException e) {
e.printStackTrace();
}
}
public String getIDPPublicPath() {
- String publicPath = props.getProperty(IDP_PUBLIC_URL);
+ String publicPath = generalpvpconfigdb.getPublicURLPrefix();
if(publicPath != null) {
if(publicPath.endsWith("/")) {
publicPath = publicPath.substring(0, publicPath.length()-2);
@@ -128,7 +133,7 @@ public class PVPConfiguration {
}
public String getIDPIssuerName() {
- return props.getProperty(IDP_ISSUER_NAME);
+ return generalpvpconfigdb.getIssuerName();
}
public List<String> getMetadataFiles() {
@@ -152,48 +157,66 @@ public class PVPConfiguration {
return files;
}
+ //TODO:
public String getTargetForSP(String sp) {
- String spHash = Digester.toSHA1(sp.getBytes());
- Logger.info("SHA hash for sp: " + sp + " => " + spHash);
- return props.getProperty(SP_TARGET_PREFIX + spHash);
- }
- public String getTrustEntityCertificate(String entityID) {
- String path = props.getProperty(IDP_TRUST_STORE);
- if (path == null) {
+ try {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp);
+ return oaParam.getTarget();
+
+ } catch (ConfigurationException e) {
+ Logger.warn("OnlineApplication with ID "+ sp + " is not found.");
return null;
}
+
+ }
- if (!path.endsWith("/")) {
- path = path + "/";
+
+ public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+
+ try {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID);
+
+ if (oaParam == null) {
+ Logger.warn("Online Application with ID " + entityID + " not found!");
+ return null;
+ }
+
+ OAPVP2 pvp2param = oaParam.getPVP2Parameter();
+
+ if (pvp2param == null) {
+ return null;
+ }
+
+ Logger.info("Load TrustEntityCertificate ("+entityID+") from Database.");
+ return new X509Certificate(pvp2param.getCertificate());
+
+ } catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+ return null;
+
+ } catch (ConfigurationException e) {
+ e.printStackTrace();
+ return null;
}
-
- String entityIDHash = Digester.toSHA1(entityID.getBytes());
-
- return path + entityIDHash;
}
public List<ContactPerson> getIDPContacts() {
List<ContactPerson> list = new ArrayList<ContactPerson>();
- String contactList = props.getProperty(IDP_CONTACT_LIST);
-
- if (contactList != null) {
-
- String[] contact_keys = contactList.split(",");
-
- for (int i = 0; i < contact_keys.length; i++) {
-
- String key = contact_keys[i];
+ List<Contact> contacts = generalpvpconfigdb.getContact();
+
+ if (contacts != null) {
+
+ for (Contact contact : contacts) {
ContactPerson person = SAML2Utils
.createSAMLObject(ContactPerson.class);
- String type = props.getProperty(IDP_CONTACT_PREFIX + "." + key
- + "." + IDP_CONTACT_TYPE);
+ String type = contact.getType();
if (type == null) {
- Logger.error("IDP Contact with key " + key
+ Logger.error("IDP Contact with SurName " + contact.getSurName()
+ " has no type defined!");
break;
}
@@ -218,15 +241,14 @@ public class PVPConfiguration {
}
if (enumType == null) {
- Logger.error("IDP Contact with key " + key
+ Logger.error("IDP Contact with SurName " + contact.getSurName()
+ " has invalid type defined: " + type);
break;
}
person.setType(enumType);
- String givenName = props.getProperty(IDP_CONTACT_PREFIX + "."
- + key + "." + IDP_CONTACT_GIVENNAME);
+ String givenName = contact.getGivenName();
if (givenName != null) {
GivenName name = SAML2Utils
@@ -235,8 +257,7 @@ public class PVPConfiguration {
person.setGivenName(name);
}
- String company = props.getProperty(IDP_CONTACT_PREFIX + "."
- + key + "." + IDP_CONTACT_COMPANY);
+ String company = contact.getCompany();
if (company != null) {
Company comp = SAML2Utils.createSAMLObject(Company.class);
@@ -244,8 +265,7 @@ public class PVPConfiguration {
person.setCompany(comp);
}
- String surname = props.getProperty(IDP_CONTACT_PREFIX + "."
- + key + "." + IDP_CONTACT_SURNAME);
+ String surname = contact.getSurName();
if (surname != null) {
SurName name = SAML2Utils.createSAMLObject(SurName.class);
@@ -253,35 +273,22 @@ public class PVPConfiguration {
person.setSurName(name);
}
- Set<Object> keySet = props.keySet();
- Iterator<Object> keyIt = keySet.iterator();
-
- while (keyIt.hasNext()) {
-
- String currentKey = keyIt.next().toString();
-
- if (currentKey.startsWith(IDP_CONTACT_PREFIX + "." + key
- + "." + IDP_CONTACT_PHONE)) {
- String phone = props.getProperty(currentKey);
-
- if (phone != null) {
- TelephoneNumber telePhone = SAML2Utils
- .createSAMLObject(TelephoneNumber.class);
- telePhone.setNumber(phone);
- person.getTelephoneNumbers().add(telePhone);
- }
- } else if (currentKey.startsWith(IDP_CONTACT_PREFIX + "."
- + key + "." + IDP_CONTACT_MAIL)) {
- String mail = props.getProperty(currentKey);
-
- if (mail != null) {
- EmailAddress mailAddress = SAML2Utils
- .createSAMLObject(EmailAddress.class);
- mailAddress.setAddress(mail);
- person.getEmailAddresses().add(mailAddress);
- }
- }
+ List<String> phones = contact.getPhone();
+ for (String phone : phones) {
+ TelephoneNumber telePhone = SAML2Utils
+ .createSAMLObject(TelephoneNumber.class);
+ telePhone.setNumber(phone);
+ person.getTelephoneNumbers().add(telePhone);
}
+
+ List<String> mails = contact.getMail();
+ for (String mail : mails) {
+ EmailAddress mailAddress = SAML2Utils
+ .createSAMLObject(EmailAddress.class);
+ mailAddress.setAddress(mail);
+ person.getEmailAddresses().add(mailAddress);
+ }
+
list.add(person);
}
}
@@ -291,10 +298,18 @@ public class PVPConfiguration {
public Organization getIDPOrganisation() {
Organization org = SAML2Utils.createSAMLObject(Organization.class);
- String org_name = props.getProperty(IDP_ORG_NAME);
- String org_dispname = props.getProperty(IDP_ORG_DISPNAME);
- String org_url = props.getProperty(IDP_ORG_URL);
-
+ at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization();
+
+ String org_name = null;
+ String org_dispname = null;
+ String org_url = null;
+
+ if (organisation != null) {
+ org_name = organisation.getName();
+ org_dispname = organisation.getDisplayName();
+ org_url = organisation.getURL();
+ }
+
if (org_name == null || org_dispname == null || org_url == null) {
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index c18296383..d479de2d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -9,6 +9,7 @@ import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
@@ -23,7 +24,7 @@ public class ArtifactResolution implements IRequestHandler {
}
public void process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp) throws MOAIDException {
+ HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index db41bf389..f8270cf33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -15,6 +15,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -29,6 +30,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
@@ -38,7 +40,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
}
public void process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp) throws MOAIDException {
+ HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
}
@@ -46,9 +48,12 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
EntityDescriptor peerEntity = obj.getEntityMetadata();
-
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
+// if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
// authSession.getM
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 002713f79..458316c6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -4,11 +4,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public interface IRequestHandler {
public boolean handleObject(MOARequest obj);
public void process(MOARequest obj, HttpServletRequest req,
- HttpServletResponse resp) throws MOAIDException;
+ HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 9121f7558..a043bfde5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
@@ -30,13 +31,13 @@ public class RequestManager {
handler.add(new ArtifactResolution());
}
- public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp)
+ public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
if(handler.handleObject(obj)) {
- handler.process(obj, req, resp);
+ handler.process(obj, req, resp, moasession);
return;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index 4a1cd45da..38251ab56 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -57,23 +57,14 @@ public class CredentialProvider {
public static Credential getSPTrustedCredential(String entityID)
throws CredentialsNotAvailableException {
- String filename = PVPConfiguration.getInstance()
- .getTrustEntityCertificate(entityID);
- iaik.x509.X509Certificate cert;
- try {
- cert = new X509Certificate(new FileInputStream(new File(filename)));
- } catch (CertificateException e) {
- e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
- } catch (IOException e) {
- e.printStackTrace();
- throw new CredentialsNotAvailableException(e.getMessage(), null);
+ iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
+ .getTrustEntityCertificate(entityID);
+
+ if (cert == null) {
+ throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
}
-
+
BasicX509Credential credential = new BasicX509Credential();
credential.setEntityId(entityID);
credential.setUsageType(UsageType.SIGNING);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d3acf9351..42282f208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.util.List;
+
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.SAMLSignatureProfileValidator;
@@ -53,18 +55,31 @@ public class EntityVerifier {
Logger.error("Failed to validate Signature", e);
throw new SAMLRequestNotSignedException(e);
}
+
+ List<EntityDescriptor> entities = entityDescriptor.getEntityDescriptors();
- Credential credential = CredentialProvider.getSPTrustedCredential(entityDescriptor.getName());
- if(credential == null) {
- throw new NoCredentialsException("moaID IDP");
- }
+ if (entities.size() > 0) {
+
+ if (entities.size() > 1) {
+ Logger.warn("More then one EntityID in Metadatafile with Name "
+ + entityDescriptor.getName() + " defined. Actually only the first"
+ + " entryID is used to select the certificate to perform Metadata verification.");
+ }
+
+ Credential credential = CredentialProvider.getSPTrustedCredential(entities.get(0).getEntityID());
+
+ if(credential == null) {
+ throw new NoCredentialsException("moaID IDP");
+ }
- SignatureValidator sigValidator = new SignatureValidator(credential);
- try {
- sigValidator.validate(entityDescriptor.getSignature());
- } catch (ValidationException e) {
- Logger.error("Failed to verfiy Signature", e);
- throw new SAMLRequestNotSignedException(e);
+ SignatureValidator sigValidator = new SignatureValidator(credential);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 47887ddc2..75825d92d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -33,12 +33,16 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
public void processRequest(IRequest req, HttpServletRequest httpReq,
- HttpServletResponse httpResp) {
- HttpSession httpSession = httpReq.getSession();
-
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
+ HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
+
+// HttpSession httpSession = httpReq.getSession();
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
+// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+
String oaURL = (String) req.getOAURL();
String target = (String) req.getTarget();
@@ -83,7 +87,8 @@ public class GetArtifactAction implements IAction {
if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
String url = "RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
- url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
+ if (!oaParam.getBusinessService())
+ url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
new file mode 100644
index 000000000..433302b4f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+public class GetArtifactServlet extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3593264832041467899L;
+
+ /**
+ * Constructor for GetArtifactServlet.
+ */
+ public GetArtifactServlet() {
+ super();
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ HttpSession httpSession = req.getSession();
+
+
+
+// AuthenticationSession session = AuthenticationManager
+// .getAuthenticationSession(httpSession);
+//
+// String oaURL = (String) req.getAttribute(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+//
+// String target = (String) req.getAttribute(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// try {
+//
+// // check parameter
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+//
+// if (oaURL == null) {
+// oaURL = session.getOAURLRequested();
+// }
+//
+// if (oaURL == null) {
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+// }
+//
+// String samlArtifactBase64 = SAML1AuthenticationServer
+// .BuildSAMLArtifact(session);
+//
+// String redirectURL = oaURL;
+// session.getOAURLRequested();
+// if (!session.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+// URLEncoder.encode(session.getTarget(), "UTF-8"));
+//
+// }
+// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+// redirectURL = resp.encodeRedirectURL(redirectURL);
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// // CONFIRMATION FOR SSO!
+// /*
+// * OAAuthParameter oaParam =
+// * AuthConfigurationProvider.getInstance().
+// * getOnlineApplicationParameter(oaURL);
+// *
+// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+// * == null) { friendlyName = oaURL; }
+// *
+// *
+// * LoginConfirmationBuilder builder = new
+// * LoginConfirmationBuilder();
+// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+// * String form = builder.finish(oaURL, session.getIdentityLink()
+// * .getName(), friendlyName);
+// */
+//
+// /*
+// resp.setContentType("text/html");
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(form.getBytes("UTF-8"));
+// out.flush();
+// out.close();*/
+//
+// } catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// } catch (ConfigurationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (BuildException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (AuthenticationException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
+
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 73308e607..da5556b30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -16,6 +16,7 @@ import org.hibernate.Session;
import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -25,6 +26,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,6 +47,20 @@ public class AuthenticationSessionStoreage {
}
}
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
public static AuthenticationSession createSession() throws MOADatabaseException {
String id = Random.nextRandom();
@@ -73,12 +89,14 @@ public class AuthenticationSessionStoreage {
return session;
}
- public static void storeSession(AuthenticationSession session) throws MOADatabaseException {
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setSession(SerializationUtils.serialize(session));
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -138,7 +156,7 @@ public class AuthenticationSessionStoreage {
// }
public static String changeSessionID(AuthenticationSession session)
- throws AuthenticationException {
+ throws AuthenticationException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
@@ -148,7 +166,10 @@ public class AuthenticationSessionStoreage {
dbsession.setSessionid(id);
dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setSession(SerializationUtils.serialize(session));
+
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -160,24 +181,6 @@ public class AuthenticationSessionStoreage {
} catch (MOADatabaseException e) {
throw new AuthenticationException("TODO!", null);
}
-
-
-// synchronized (sessionStore) {
-// if (sessionStore.containsKey(session.getSessionID())) {
-// AuthenticationSession theSession = sessionStore.get(session
-// .getSessionID());
-// if (theSession != session) {
-// throw new AuthenticationException("TODO!", null);
-// }
-//
-// sessionStore.remove(session.getSessionID());
-// String id = Random.nextRandom();
-// session.setSessionID(id);
-// sessionStore.put(id, session);
-// return id;
-// }
-// }
-// throw new AuthenticationException("TODO!", null);
}
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
@@ -232,6 +235,7 @@ public class AuthenticationSessionStoreage {
dbsession.setSSOSession(true);
dbsession.setSSOsessionid(SSOSessionID);
+ dbsession.setAuthenticated(false);
//Store MOASession
session.saveOrUpdate(dbsession);
@@ -255,7 +259,11 @@ public class AuthenticationSessionStoreage {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession());
+
+ //decrypt Session
+ byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession());
+
+ AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
return session;
@@ -282,6 +290,37 @@ public class AuthenticationSessionStoreage {
}
+ public static String getMOASessionID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+
+ }
+
public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
MiscUtil.assertNotNull(SSOId, "moasessionID");
@@ -308,19 +347,21 @@ public class AuthenticationSessionStoreage {
return false;
} else {
- AuthenticatedSessionStore dbsession = result.get(0);
+ return true;
-
- if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
- Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
- return true;
-
- } else {
- Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
- + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
- }
-
- return false;
+// AuthenticatedSessionStore dbsession = result.get(0);
+//
+//
+// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+// return true;
+//
+// } else {
+// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
+// + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+// }
+//
+// return false;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
new file mode 100644
index 000000000..4ae4e5c44
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SessionEncrytionUtil {
+
+ static SecretKey secret = null;
+
+ static {
+ try {
+ String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();
+
+ if (key != null) {
+ SecretKeyFactory factory;
+
+ factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ KeySpec spec = new PBEKeySpec(key.toCharArray(), "TestSALT".getBytes(), 1024, 128);
+ SecretKey tmp = factory.generateSecret(spec);
+ secret = new SecretKeySpec(tmp.getEncoded(), "AES");
+
+ } else {
+ Logger.warn("MOASession encryption is deaktivated.");
+ }
+
+ } catch (Exception e) {
+ Logger.warn("MOASession encryption can not be inizialized.", e);
+ }
+
+ }
+
+ public static byte[] encrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding");
+ cipher.init(Cipher.ENCRYPT_MODE, secret);
+
+ Logger.debug("Encrypt MOASession");
+ return cipher.doFinal(data);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not encrypted",e);
+ throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
+ }
+ } else
+ return data;
+ }
+
+ public static byte[] decrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding");
+ cipher.init(Cipher.DECRYPT_MODE, secret);
+
+ Logger.debug("Decrypt MOASession");
+ return cipher.doFinal(data);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not decrypted",e);
+ throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
+ }
+ } else
+ return data;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
new file mode 100644
index 000000000..03521cf2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.util.legacy;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+public class LegacyHelper implements MOAIDAuthConstants{
+
+ public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException {
+
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ return true;
+ else
+ return false;
+ }
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index f5745873f..95bcad1ec 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -37,7 +37,8 @@ auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
auth.17=Vollmachtenmodus f�r nicht-�ffentlichen Bereich wird nicht unterst�tzt.
auth.18=Keine MOASessionID vorhanden
auth.19=Die Authentifizierung kann nicht passiv durchgef�hrt werden.
-auth.20=No valid MOA session found. Authentification process is abourted.
+auth.20=No valid MOA session found. Authentification process is abourted.
+auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m?glicherweise nicht verf?gbar
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 38ef53475..1228ba90e 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -46,16 +46,16 @@
document.getElementById("metroDetected").style.display="block";
document.getElementById("localBKU").style.display="block";
- if (checkMandateSSO())
- return;
+/* if (checkMandateSSO())
+ return; */
setMandateSelection();
- setSSOSelection();
+/* setSSOSelection(); */
var iFrameURL = "#AUTH_URL#" + "?";
iFrameURL += "bkuURI=" + "#ONLINE#";
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
- iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
@@ -65,16 +65,16 @@
function bkuHandyClicked() {
document.getElementById("localBKU").style.display="none";
- if (checkMandateSSO())
- return;
+/* if (checkMandateSSO())
+ return; */
setMandateSelection();
- setSSOSelection();
+/* setSSOSelection(); */
var iFrameURL = "#AUTH_URL#" + "?";
iFrameURL += "bkuURI=" + "#HANDY#";
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
- iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
@@ -84,11 +84,11 @@
function storkClicked() {
document.getElementById("localBKU").style.display="none";
- if (checkMandateSSO())
- return;
+/* if (checkMandateSSO())
+ return; */
setMandateSelection();
- setSSOSelection();
+/* setSSOSelection(); */
var ccc = "AT";
var countrySelection = document.getElementById("cccSelection");
@@ -100,8 +100,8 @@
var iFrameURL = "#AUTH_URL#" + "?";
iFrameURL += "bkuURI=" + "#ONLINE#";
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
- iFrameURL += "&ccc=" + ccc;
- iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
+ iFrameURL += "&CCC=" + ccc;
+/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
@@ -135,7 +135,7 @@
}
}
- function setSSOSelection() {
+/* function setSSOSelection() {
document.getElementById("useSSO").value = "false";
var checkbox = document.getElementById("SSOCheckBox");
if (checkbox != null) {
@@ -143,9 +143,9 @@
document.getElementById("useSSO").value = "true";
}
}
- }
+ } */
- function checkMandateSSO() {
+/* function checkMandateSSO() {
var sso = document.getElementById("SSOCheckBox");
var mandate = document.getElementById("mandateCheckBox");
@@ -158,7 +158,7 @@
} else {
return false;
}
- }
+ } */
</script>
</head>
@@ -217,13 +217,13 @@
<td><a href="info_mandates.html" target="_blank"
class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td>
</tr>
- <tr>
+<!-- <tr>
<td><input tabindex="1" type="checkbox" name="SSO"
style="vertical-align: middle; margin-right: 5px"
id="SSOCheckBox"></td>
- <td><label for="SSOCheckBox">mit SingleSignOn anmelden</label></td>
+ <td><label for="SSOCheckBox">Single Sign-On</label></td>
<td></td>
- </tr>
+ </tr> -->
</table>
</div>
@@ -278,7 +278,7 @@
<form method="get" id="moaidform">
<input type="hidden" name="bkuURI" value="#LOCAL#">
<input type="hidden" name="useMandate" id="useMandate">
- <input type="hidden" name="SSO" id="useSSO">
+<!-- <input type="hidden" name="SSO" id="useSSO"> -->
<input type="hidden" name="CCC" id="ccc">
<input type="hidden" name="MODUL" value="#MODUL#">
<input type="hidden" name="ACTION" value="#ACTION#">
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html
new file mode 100644
index 000000000..3d39f9233
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html
@@ -0,0 +1,260 @@
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <meta content="text/css" http-equiv="Content-Style-Type">
+ <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
+
+ <script type="text/javascript">
+ function isIE() {
+ return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+ }
+
+ function isFullscreen() {
+ try {
+ return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+ } catch (e) {
+ return false;
+ }
+ }
+
+ function isActivexEnabled() {
+ var supported = null;
+ try {
+ supported = !!new ActiveXObject("htmlfile");
+ } catch (e) {
+ supported = false;
+ }
+ return supported;
+ }
+
+ function isMetro() {
+ if (!isIE())
+ return false;
+ return !isActivexEnabled() && isFullscreen();
+ }
+
+ window.onload=function() {
+ document.getElementById("localBKU").style.display="block";
+ return;
+ }
+
+ function bkuLocalClicked() {
+ if (isMetro())
+ document.getElementById("metroDetected").style.display="block";
+
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ document.getElementById("moaidform").submit();
+ }
+
+ function bkuOnlineClicked() {
+ if (isMetro())
+ document.getElementById("metroDetected").style.display="block";
+
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#ONLINE#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+
+ generateIFrame(iFrameURL);
+ }
+
+ function bkuHandyClicked() {
+ document.getElementById("localBKU").style.display="none";
+
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#HANDY#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+
+ generateIFrame(iFrameURL);
+ }
+
+ function storkClicked() {
+ document.getElementById("localBKU").style.display="none";
+
+/* if (checkMandateSSO())
+ return; */
+
+ setMandateSelection();
+/* setSSOSelection(); */
+
+ var ccc = "AT";
+ var countrySelection = document.getElementById("cccSelection");
+
+ if (countrySelection != null) {
+ ccc = document.getElementById("cccSelection").value;
+ }
+
+ var iFrameURL = "#AUTH_URL#" + "?";
+ iFrameURL += "bkuURI=" + "#ONLINE#";
+ iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+ iFrameURL += "&CCC=" + ccc;
+ iFrameURL += "&SSO=" + document.getElementById("useSSO").value;
+ iFrameURL += "&MODUL=" + "#MODUL#";
+ iFrameURL += "&ACTION=" + "#ACTION#";
+
+ generateIFrame(iFrameURL);
+ }
+
+ function generateIFrame(iFrameURL) {
+ var el = document.getElementById("bkulogin");
+ var parent = el.parentNode;
+
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", iFrameURL);
+ iframe.setAttribute("width", "220");
+ iframe.setAttribute("height", "165");
+ iframe.setAttribute("frameborder", "0");
+ iframe.setAttribute("scrolling", "no");
+ iframe.setAttribute("title", "Login");
+
+ parent.replaceChild(iframe, el);
+
+/* document.location.href=iFrameURL; */
+ }
+
+ function setMandateSelection() {
+ document.getElementById("useMandate").value = "false";
+ var checkbox = document.getElementById("mandateCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("mandateCheckBox").checked) {
+ document.getElementById("useMandate").value = "true";
+ }
+ }
+ }
+
+/* function setSSOSelection() {
+ document.getElementById("useSSO").value = "false";
+ var checkbox = document.getElementById("SSOCheckBox");
+ if (checkbox != null) {
+ if (document.getElementById("SSOCheckBox").checked) {
+ document.getElementById("useSSO").value = "true";
+ }
+ }
+ }
+
+ function checkMandateSSO() {
+ var sso = document.getElementById("SSOCheckBox");
+ var mandate = document.getElementById("mandateCheckBox");
+
+
+ if (sso.checked && mandate.checked) {
+ alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
+ mandate.checked = false;
+ sso.checked = false;
+ return true;
+ } else {
+ return false;
+ }
+ } */
+ </script>
+</head>
+
+
+<body>
+ <div id="leftcontent">
+ <h2 id="tabheader" class="dunkel">
+ Login mit Bürgerkarte
+ </h2>
+ <div id="bkulogin" class="hell">
+
+ <div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px">
+ <table style="margin-left: auto; margin-right: auto;">
+ <tr>
+ <td><input tabindex="1" type="checkbox" name="Mandate"
+ style="vertical-align: middle; margin-right: 5px"
+ id="mandateCheckBox"></td>
+ <td><label for="mandateCheckBox">in Vertretung anmelden</label></td>
+ <td><a href="info_mandates.html" target="_blank"
+ class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td>
+ </tr>
+<!-- <tr>
+ <td><input tabindex="1" type="checkbox" name="SSO"
+ style="vertical-align: middle; margin-right: 5px"
+ id="SSOCheckBox"></td>
+ <td><label for="SSOCheckBox">Single Sign-On</label></td>
+ <td></td>
+ </tr> -->
+ </table>
+ </div>
+
+ <div id="bkukarte" class="hell">
+ <button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button>
+ </div>
+
+ <div id="bkuhandy" class="hell">
+ <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
+ </div>
+
+ <div id="localBKU" style="display:none" class="hell">
+ <hr>
+ <form method="get" id="moaidform" action="#AUTH_URL#">
+ <input type="hidden" name="bkuURI" value="#LOCAL#">
+ <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="SSO" id="useSSO">
+ <input type="hidden" name="CCC" id="ccc">
+ <input type="hidden" name="MODUL" value="#MODUL#">
+ <input type="hidden" name="ACTION" value="#ACTION#">
+ <input type="submit" size="400" value="lokale BKU" class="sendButton" style="margin-top: 5px;">
+ </form>
+ <p style="margin-bottom: 0px; margin-top: 3px;">
+ <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
+ </p>
+ </div>
+
+ <div id="stork" class="hell" align="center">
+ <div id="leftcontent" style="margin-bottom:10px">
+ <h2 id="tabheader" class="dunkel">
+ Home Country Selection
+ </h2>
+ </div>
+ <p>
+ <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
+ <option value="BE">Belgi&euml;/Belgique</option>
+ <option value="EE">Eesti</option>
+ <option value="ES">Espa&ntilde;a</option>
+ <option value="IS">&Iacute;sland</option>
+ <option value="IT">Italia</option>
+ <option value="LI">Liechtenstein</option>
+ <option value="LT">Lithuania</option>
+ <option value="PT">Portugal</option>
+ <option value="SI">Slovenija</option>
+ <option value="FI">Suomi</option>
+ <option value="SE">Sverige</option>
+ </select>
+ <button name="bkuButton" type="button" onClick="storkClicked();">Send</button>
+ <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+ </p>
+ </div>
+ </div>
+
+ <div id="metroDetected" style="display:none" class="hell">
+ <p>
+ Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können.
+ </p>
+ </div>
+
+ </div>
+</body>
+</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
index 1215c2b58..ccd85a38a 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html
@@ -31,7 +31,7 @@
-->
</style>
- <form action="${action}" method="post">
+ <form action="${action}" method="post" target="_parent">
<div>
#if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
new file mode 100644
index 000000000..c4b7196b1
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -0,0 +1,104 @@
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <meta content="text/css" http-equiv="Content-Style-Type">
+ <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stammzahl.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesnew.css">
+ <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesinput.css">
+
+</head>
+
+
+<body>
+ <div class="pageWidth">
+
+ <div id="pagebase">
+ <div id="page">
+
+ <div id="header" class="header clearfix">
+ <h1 class="main_header">MOA-ID 2.0 - Login Preview</h1>
+
+<!-- <ul id="servicenav">
+ <li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li>
+ <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li>
+ <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li>
+ </ul> -->
+
+ <div id="mainnavjump"></div>
+ <p id="homelink"><img src="#CONTEXTPATH#/img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p>
+ <ul id="mainnav" class="clearfix">
+<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> -->
+<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li>
+ <li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gew&auml;hlt)</span><span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> -->
+ </ul>
+
+ </div>
+
+
+ <br class="clearAll">
+
+ <div id="viewcontrol" class="switch">
+ <div id="page1" class="case selected-case">
+ <div style="margin-left: 0px;">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main" class="full">
+ <div id="leftcontent" class="full">
+ <h2 id="tabheader" class="dunkel full">
+ Anmeldeinformationen:
+
+ </h2>
+
+ <div id="selectArea" class="hell full">
+ <b>Anmeldung an:</b>
+ <p>#OAName#</p>
+
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton" class="hell full">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="submit" size="400" value="Ja" class="setAssertionButton_full">
+ </form>
+ </div>
+ <div id="rightbutton" class="hell full">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="submit" size="400" value="Nein" class="setAssertionButton_full">
+ </form>
+ </div>
+
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+
+ <br style="clear: both">
+ <div id="footer" class="clearfix">
+
+<!-- <h2 class="hidden">&Uuml;ber die Website der Stammzahlenregisterbeh&ouml;rde</h2>
+ <ul>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li>
+
+ <li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li>
+ <li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li>
+ </ul> -->
+ </div>
+
+
+ </div>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
new file mode 100644
index 000000000..46e8f46d8
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html
@@ -0,0 +1,42 @@
+<html>
+<head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <meta content="text/css" http-equiv="Content-Style-Type">
+ <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css">
+</head>
+
+
+<body>
+ <div id="leftcontent">
+ <h2 id="tabheader" class="dunkel">
+ Anmeldeinformationen:
+
+ </h2>
+
+ <div id="selectArea" class="hell">
+ <b>Anmeldung an:</b>
+ <p>#OAName#</p>
+
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton" class="hell">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="submit" size="400" value="Ja" class="setAssertionButton">
+ </form>
+ </div>
+ <div id="rightbutton" class="hell">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="submit" size="400" value="Nein" class="setAssertionButton">
+ </form>
+ </div>
+
+ </div>
+ </div>
+</body>
+</html>
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index b7982aca5..9f4e54212 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -283,6 +283,7 @@
<xsd:complexType>
<xsd:sequence>
<xsd:element name="PublicURLPrefix" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="IssuerName" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/>
<xsd:element name="Organization">
<xsd:complexType>
<xsd:sequence>
@@ -292,28 +293,7 @@
</xsd:sequence>
</xsd:complexType>
</xsd:element>
- <xsd:element name="Contact">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="SurName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
- <xsd:element name="GivenName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
- <xsd:element name="Mail" type="xsd:string" minOccurs="1" maxOccurs="1"/>
- <xsd:element name="Type" minOccurs="1" maxOccurs="1">
- <xsd:simpleType>
- <xsd:restriction base="xsd:token">
- <xsd:enumeration value="technical"/>
- <xsd:enumeration value="support"/>
- <xsd:enumeration value="administrative"/>
- <xsd:enumeration value="billing"/>
- <xsd:enumeration value="other"/>
- </xsd:restriction>
- </xsd:simpleType>
- </xsd:element>
- <xsd:element name="Company" type="xsd:string" minOccurs="1" maxOccurs="1"/>
- <xsd:element name="Phone" type="xsd:string" minOccurs="1" maxOccurs="1"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
+ <xsd:element ref="Contact" minOccurs="1" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
@@ -556,6 +536,7 @@
<xsd:complexType>
<xsd:sequence>
<xsd:element name="UseSSO" type="xsd:boolean"/>
+ <xsd:element name="AuthDataFrame" type="xsd:boolean" default="true"/>
<xsd:element name="SingleLogOutURL" type="xsd:anyURI"/>
</xsd:sequence>
</xsd:complexType>
@@ -937,4 +918,26 @@
</xsd:sequence>
</xsd:complexType>
</xsd:element>
+ <xsd:element name="Contact">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="SurName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="GivenName" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Mail" type="xsd:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xsd:element name="Type" minOccurs="1" maxOccurs="1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="technical"/>
+ <xsd:enumeration value="support"/>
+ <xsd:enumeration value="administrative"/>
+ <xsd:enumeration value="billing"/>
+ <xsd:enumeration value="other"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:element name="Company" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="Phone" type="xsd:string" minOccurs="1" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
</xsd:schema>