author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-02-06 15:42:53 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-02-06 15:42:53 +0100 |
commit | 1c567f6eb16fa10d3811fbaaf70c4ab04fb08077 (patch) | |
tree | 6b999ab47897622daddabfc9e4819bcc56ea00c9 /id | |
parent | f9b31bdc4781d6eca20bc2d993f08f6a4eb462f2 (diff) | |
BRZ:
-add SAML1 SourceID parameter in moa-id general
Bugfix:
-SSO target had an error in case of business-service
-OA with business-service without single sign-on produces an error
Diffstat (limited to 'id')
13 files changed, 233 insertions, 122 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index e309eaadd..7b02883bb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -22,6 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration; +import java.util.Collection; +import java.util.Hashtable; +import java.util.Map; + +import edu.emory.mathcs.backport.java.util.Collections; + public class Constants { public static final String FILEPREFIX = "file:"; @@ -78,4 +84,14 @@ public class Constants { public static final String IDENIFICATIONTYPE_BASEID_ZVR = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_ZVR; public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; + + public static final Map<String, String> BUSINESSSERVICENAMES; + static { + Hashtable<String, String> tmp = new Hashtable<String, String>(); + tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); + tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); + tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); + + BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index c6b9b984a..d81d03780 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java 
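Review bot: `BUSINESSSERVICENAMES` is built through `edu.emory.mathcs.backport.java.util.Collections.unmodifiableMap`, which looks like an IDE auto-import chosen over `java.util.Collections`; the backport predates generics, so the call returns a raw `Map` and the assignment to `Map<String, String>` is an unchecked conversion. `import java.util.Collections;` is the intended import, and with it the `Hashtable` can become a plain `HashMap<String, String>` (the unmodifiable wrapper already makes it read-only, and `Hashtable.get(null)` throws where `HashMap` returns null). The `java.util.Collection` import added in the first hunk is unused and can be dropped. A short Javadoc on the constant, `/** Display names of the business-service identification types, keyed by the IDENIFICATIONTYPE_* constants. */`, would document what the map holds.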
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; +import at.gv.egovernment.moa.util.MiscUtil; public class GeneralMOAIDConfig { @@ -90,6 +91,8 @@ public class GeneralMOAIDConfig { private boolean legacy_saml1 = false; private boolean legacy_pvp2 = false; + private String saml1SourceID = null; + private String pvp2PublicUrlPrefix = null; private String pvp2IssuerName = null; private String pvp2OrgName = null; @@ -214,6 +217,11 @@ public class GeneralMOAIDConfig { SAML1 saml1 = protocols.getSAML1(); if (saml1 != null) { protocolActiveSAML1 = saml1.isIsActive(); + saml1SourceID = saml1.getSourceID(); + + //TODO: could removed in a later version + if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) + saml1SourceID = alternativeSourceID; } @@ -263,13 +271,21 @@ public class GeneralMOAIDConfig { if (sso != null) { ssoFriendlyName = sso.getFriendlyName(); - IdentificationNumber idl = sso.getIdentificationNumber(); - if (idl != null) - ssoIdentificationNumber = idl.getValue(); +// IdentificationNumber idl = sso.getIdentificationNumber(); +// if (idl != null) +// ssoIdentificationNumber = idl.getValue(); ssoPublicUrl = sso.getPublicURL(); ssoSpecialText = sso.getSpecialText(); - ssoTarget = sso.getTarget(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). + replace("+", ""); + + } else + ssoTarget = sso.getTarget(); + } } 
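Review bot: The replaced `IdentificationNumber` lines in the `@@ -263` hunk are commented out rather than deleted, which leaves dead code the next reader has to reason about; the same pattern appears in EditGeneralConfigAction (`@@ -229`, `@@ -356`), MOAConfigValidator (`@@ -282`) and AuthConfigurationProvider (`@@ -895`), and version control already keeps the history. In the same hunk `replace("+", "")` strips every `+` after the `wbpk+` prefix, not only the separator between type and number; `replaceFirst("\\+", "")` expresses the intent more narrowly, and a comment such as `// strip the urn:publicid:gv.at:wbpk+ prefix and the type/number separator for display` would explain why the stored form and the displayed form differ. The enclosing method of this hunk starts and ends outside the hunk.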
@@ -320,20 +336,6 @@ public class GeneralMOAIDConfig { } /** - * @return the alternativeSourceID - */ - public String getAlternativeSourceID() { - return alternativeSourceID; - } - - /** - * @param alternativeSourceID the alternativeSourceID to set - */ - public void setAlternativeSourceID(String alternativeSourceID) { - this.alternativeSourceID = alternativeSourceID; - } - - /** * @return the certStoreDirectory */ public String getCertStoreDirectory() { @@ -913,6 +915,21 @@ public class GeneralMOAIDConfig { public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { this.protocolActiveOAuth = protocolActiveOAuth; } + + /** + * @return the saml1SourceID + */ + public String getSaml1SourceID() { + return saml1SourceID; + } + + /** + * @param saml1SourceID the saml1SourceID to set + */ + public void setSaml1SourceID(String saml1SourceID) { + this.saml1SourceID = saml1SourceID; + } + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 3c8c0e18d..67750e765 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
@@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.id.util.Random; @@ -229,12 +230,12 @@ public class EditGeneralConfigAction extends ActionSupport if (oldauth != null) oldauthgeneral = oldauth.getGeneralConfiguration(); - if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) - dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); - else { - if (oldauthgeneral != null) - dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); - } +// if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) +// dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); +// else { +// if (oldauthgeneral != null) +// dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); +// } if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); @@ -287,6 +288,15 @@ public class EditGeneralConfigAction extends ActionSupport } saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } else { + if (MiscUtil.isNotEmpty(saml1.getSourceID())) + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } + OAuth oauth= dbprotocols.getOAuth(); if (oauth == null) { oauth = new OAuth(); 
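Review bot: The else-branch of the new SourceID handling in the `@@ -287` hunk overwrites a non-empty stored SourceID with the empty form value — `saml1.setSourceID(moaconfig.getSaml1SourceID())` runs exactly when `moaconfig.getSaml1SourceID()` is empty — which is the opposite of the commented-out `alternativeSourceID` logic it replaces, where an empty form field kept the stored value. If an empty field is meant to clear the value, say so explicitly with `saml1.setSourceID(null);` and a comment; if it is meant to keep the stored value, drop the else-branch entirely. The enclosing method starts and ends outside the hunk.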
@@ -356,17 +366,43 @@ public class EditGeneralConfigAction extends ActionSupport if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) - dbsso.setTarget(moaconfig.getSsoTarget()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { - IdentificationNumber ssoid = dbsso.getIdentificationNumber(); - if (ssoid == null) { - ssoid = new IdentificationNumber(); - dbsso.setIdentificationNumber(ssoid); + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { + + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + } - ssoid.setValue(moaconfig.getSsoIdentificationNumber()); } +// if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { +// IdentificationNumber ssoid = dbsso.getIdentificationNumber(); +// if (ssoid == null) { +// ssoid = new IdentificationNumber(); +// dbsso.setIdentificationNumber(ssoid); +// } +// ssoid.setValue(moaconfig.getSsoIdentificationNumber()); +// } DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); if (dbbkus == null) { 
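Review bot: `pre` stays `null` when the space-stripped target starts with none of the FN/ZVR/ERSB prefixes, and the hunk then stores `urn:publicid:gv.at:wbpk+null+…` in the configuration; MOAConfigValidator rejects such input in this commit, but this method does not consult a validation result before writing, so a guard is cheap insurance: `if (pre != null) dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num);`. The three prefix checks are independent `if`s, so after stripping `FN` the remainder is tested again for `ZVR` and `ERSB`; an `else if` chain states the one-prefix intent. `deleteLeadingZeros` is applied only in the FN branch — a comment saying why would help (presumably Firmenbuch numbers are zero-padded; confirm). The same normalization (`replaceAll(" ", "")` plus prefix detection) is duplicated in MOAConfigValidator `@@ -315`; a shared helper would keep the two in step.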
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 775443689..25c3f24b9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -763,6 +763,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, IdentificationNumber idnumber = new IdentificationNumber(); idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); authoa.setIdentificationNumber(idnumber); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 1ea51652a..d7d97e5d4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java 
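Review bot: `Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())` throws `NullPointerException` for a null key because the map is backed by a `Hashtable` (Constants.java in this commit), whereas the string concatenation on the line above would have tolerated a null type; for an unknown type `setType` silently receives null. If `getIdentificationType()` is guaranteed non-null and one of the three known values by the time this code runs (its validation is outside this hunk), a comment stating that would be enough; otherwise look the name up first and reject a missing one, `String typeName = Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType());`. The enclosing method starts and ends outside the hunk.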
@@ -32,10 +32,12 @@ import java.util.Map; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; +import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -51,11 +53,11 @@ public class MOAConfigValidator { log.debug("Validate general MOA configuration"); - String check = form.getAlternativeSourceID(); + String check = form.getSaml1SourceID(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AlternativeSourceID contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.AlternativeSourceID", + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); } } 
@@ -282,14 +284,14 @@ public class MOAConfigValidator { } } - check = form.getSsoIdentificationNumber(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.info("SSO IdentificationNumber is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - } - } +// check = form.getSsoIdentificationNumber(); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +// log.info("SSO IdentificationNumber is not valid: " + check); +// errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", +// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +// } +// } check = form.getSsoPublicUrl(); if (MiscUtil.isNotEmpty(check)) { @@ -315,8 +317,23 @@ public class MOAConfigValidator { } else { if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + + String num = check.replaceAll(" ", ""); + + if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || + num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || + num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { + + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + } + } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 216f74850..0da6b1ec8 100644 
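Review bot: The non-admin-target branch of the `@@ -315` hunk only checks that the space-stripped value starts with FN, ZVR or ERSB; the part after the prefix is never checked to be numeric, so `FNabc` passes validation and EditGeneralConfigAction stores it as `urn:publicid:gv.at:wbpk+FN+abc`. `CompanyNumberValidator` is imported in the `@@ -32` hunk but not used in any visible hunk — if it validates the numeric part, applying it to the remainder after the prefix closes the gap; otherwise a simple `matches("[0-9]+")` check on that remainder would. The error key `validation.general.sso.target.valid` is now used both with a `{0}` argument and without one; confirm the message text has a placeholder, since the properties hunk in this commit does not show that key.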
--- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -129,6 +129,8 @@ webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren webpages.moaconfig.protocols.legacy.saml1=SAML1 webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 webpages.moaconfig.protocols.oauth=OpenID Connect +webpages.moaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.moaconfig.protocols.saml1.sourceID=SourceID webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name @@ -298,7 +300,7 @@ validation.edituser.password.valid=Das Passwort konnte nicht in einen g\u00FClti validation.edituser.password.equal=Die Passw\u00F6rter sind nicht identisch. validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} -validation.general.AlternativeSourceID=Die AlternaticeSourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 41702cbbb..2e0e5ea2a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp 
@@ -301,6 +301,19 @@ <br> <div class="moageneral_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.saml1.header", request) %></h4> + + <s:textfield name="moaconfig.saml1SourceID " + value="%{moaconfig.saml1SourceID}" + labelposition="left" + key="webpages.moaconfig.protocols.saml1.sourceID" + cssClass="textfield_long"> + </s:textfield> + </div> + + <br> + + <div class="moageneral_protocol_area"> <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %></h4> <s:textfield name="moaconfig.pvp2PublicUrlPrefix " diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 06d5b01bd..a5e92c701 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; +import iaik.util.logging.Log; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; 
@@ -250,16 +251,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { String infoboxReadRequest = ""; + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + if (session.isSsoRequested()) { //load identityLink with SSO Target boolean isbuisness = false; - String domainIdentifier = ""; - IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService(); - if (ssobusiness != null) { + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = false; + + } else { isbuisness = true; - domainIdentifier = ssobusiness.getValue(); + } - + //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( isbuisness, domainIdentifier); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index f555cfb9a..060dc2248 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -104,6 +104,8 @@ public interface MOAIDAuthConstants { // /** the number of the certifcate extension for party organ representatives */ // public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; + /** OW */ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; 
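Review bot: `getSSOTagetIdentifier().trim()` on the first added line dereferences a null return — the `@@ -895` hunk in AuthConfigurationProvider returns null when no SSO configuration exists — so the `MiscUtil.isEmpty` check on the next line never sees the null case and the request fails with a `NullPointerException` instead of falling back to a non-SSO login. The business-service flag also looks inverted: a target with the `wbpk+` prefix is exactly the business-service form EditGeneralConfigAction stores in this commit, and the removed code set `isbuisness = true` for business targets, yet the new branch sets it to `false` for the prefixed case (confirm against InfoboxReadRequestBuilder). `iaik.util.logging.Log` is a third-party logger; unless the rest of this class already uses it, the project's own logger is the consistent choice. The rewrite below assumes `MiscUtil.isEmpty` treats null as empty, as its use on form values elsewhere in this commit suggests; the enclosing method starts and ends outside the hunk.
```java
String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier();
if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
    //do not use SSO if no Target is set
    Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
    session.setSsoRequested(false);
}

if (session.isSsoRequested()) {
    //load identityLink with SSO Target
    domainIdentifier = domainIdentifier.trim();
    // a wbpk-prefixed target is a business-service target (see ConfigWebTool EditGeneralConfigAction)
    boolean isbuisness = domainIdentifier.startsWith(PREFIX_WPBK);

    // … unchanged: InfoboxReadRequestBuilder call …
```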
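Review bot: `PREFIX_WPBK` duplicates the literal already present as `Constants.PREFIX_WPBK` in ConfigWebTool (context of the Constants.java `@@ -78` hunk in this commit); both modules parse and build the same prefix, so a single definition in moa-id-commons would keep the two from drifting. A one-line Javadoc, `/** URN prefix of a business-service (wbpk) target identifier. */`, would also match the documented constants around it.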
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 3432a19b1..dc5ec430e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -136,27 +136,6 @@ public class ConfigurationProvider { } /** - * Returns the mapping of generic configuration properties. - * - * @return The mapping of generic configuration properties (a name to value - * mapping) from the configuration. - */ - public Map<String, String> getGenericConfiguration() { - return genericConfiguration; - } - - /** - * Returns the value of a parameter from the generic configuration section. - * - * @return the parameter value; <code>null</code> if no such parameter - */ - public String getGenericConfigurationParameter(String parameter) { - if (! genericConfiguration.containsKey(parameter)) - return null; - return (String)genericConfiguration.get(parameter); - } - - /** * Return the chaining mode for a given trust anchor. * * @param trustAnchor The trust anchor for which the chaining mode should be diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 1804b5fd5..304b63de0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
@@ -519,6 +519,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { if (protocols.getSAML1() != null) { allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + + //load alternative sourceID + if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) + alternativesourceid = protocols.getSAML1().getSourceID(); + } if (protocols.getOAuth() != null) { @@ -562,8 +567,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } //set alternativeSourceID - if (auth.getGeneralConfiguration() != null) - alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); + if (auth.getGeneralConfiguration() != null) + + //TODO: can be removed in a further version, because it is moved to SAML1 config + if (MiscUtil.isEmpty(alternativesourceid)) + alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); // sets the authentication session and authentication data time outs BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated(); @@ -744,7 +752,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } public ProtocolAllowed getAllowedProtocols() { - return this.allowedProtcols; + return allowedProtcols; } public PVP2 getGeneralPVP2DBConfig() { 
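Review bot: In the `@@ -562` hunk the outer `if (auth.getGeneralConfiguration() != null)` has no braces and is separated from its nested `if` by a blank line and a TODO comment, so it reads as an empty statement followed by an unguarded `if`; it compiles as intended, but braces make the nesting visible: `if (auth.getGeneralConfiguration() != null) { … }`. The unguarded `auth.getGeneralConfiguration().getTimeOuts()` call two lines later is pre-existing, but it shows the null check is not protecting anything — either drop the check or extend it to the following statements. The precedence rule (SAML1 `SourceID` wins, the legacy `AlternativeSourceID` is only a fallback) deserves a comment next to the `@@ -519` assignment, e.g. `// the SAML1 SourceID takes precedence over the deprecated GeneralConfiguration AlternativeSourceID`.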
@@ -895,27 +903,27 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } } - public boolean isSSOBusinessService() throws ConfigurationException { - - if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) - return true; - else - return false; - } +// public boolean isSSOBusinessService() throws ConfigurationException { +// +// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) +// return true; +// else +// return false; +// } - public IdentificationNumber getSSOBusinessService() throws ConfigurationException { + public String getSSOTagetIdentifier() throws ConfigurationException { if (ssoconfig != null) - return ssoconfig.getIdentificationNumber(); + return ssoconfig.getTarget(); else return null; } - public String getSSOTarget() throws ConfigurationException { - if (ssoconfig!= null) - return ssoconfig.getTarget(); - - return null; - } +// public String getSSOTarget() throws ConfigurationException { +// if (ssoconfig!= null) +// return ssoconfig.getTarget(); +// +// return null; +// } public String getSSOFriendlyName() { if (ssoconfig!= null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index f515ea6bd..7ecd7dde8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java 
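Review bot: The new public accessor is named `getSSOTagetIdentifier` — `Taget` is a typo for `Target` — and AuthenticationServer already calls it in this commit, so renaming to `getSSOTargetIdentifier()` now costs one call site and later costs more. It returns null when `ssoconfig` is null; a Javadoc stating that, `/** @return the configured SSO target identifier, or null if no SSO configuration exists */`, would tell callers they must null-check (AuthenticationServer currently does not). `throws ConfigurationException` is declared although nothing in the body can throw it; keep it only if callers or subclasses rely on the signature.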
@@ -58,11 +58,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; @@ -141,11 +143,7 @@ public class BuildFromLegacyConfig { //Load generic Config Map<String, String> genericConfiguration = builder.buildGenericConfiguration(); GeneralConfiguration authGeneral = new GeneralConfiguration(); - - if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) - authGeneral.setAlternativeSourceID( - (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); - + if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) authGeneral.setTrustManagerRevocationChecking( Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))); 
@@ -179,6 +177,19 @@ public class BuildFromLegacyConfig { final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); + //set SAML1 config + SAML1 saml1 = new SAML1(); + saml1.setIsActive(true); + if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) + saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); + auth_protocols.setSAML1(saml1); + + //set OAuth config + OAuth oauth = new OAuth(); + oauth.setIsActive(true); + auth_protocols.setOAuth(oauth); + + //set PVP2.1 config PVP2 prot_pvp2 = new PVP2(); auth_protocols.setPVP2(prot_pvp2); prot_pvp2.setPublicURLPrefix("https://...."); @@ -188,7 +199,7 @@ public class BuildFromLegacyConfig { prot_pvp2.setOrganization(pvp2_org); pvp2_org.setDisplayName("OrganisationDisplayName"); pvp2_org.setName("OrganisatioName"); - pvp2_org.setURL("http://www.egiz.gv.at"); + pvp2_org.setURL("http://testorganisation.at"); List<Contact> pvp2_contacts = new ArrayList<Contact>(); prot_pvp2.setContact(pvp2_contacts); @@ -357,7 +368,6 @@ public class BuildFromLegacyConfig { // oa_auth.setUseIFrame(false); // oa_auth.setUseUTC(oa.getUseUTC()); - //BKUURLs BKUURLS bkuurls = new BKUURLS(); bkuurls.setOnlineBKU(oldbkuonline); diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 33ad5c990..7944a7321 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd 
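Review bot: The migrated configuration enables OpenID Connect unconditionally (`oauth.setIsActive(true)`) although the legacy configuration has no OAuth section to derive that from, so deployments upgraded through this path appear to get a protocol endpoint switched on that the operator never configured. `saml1.setIsActive(true)` is justified for a legacy SAML1 installation, but OAuth should default to `oauth.setIsActive(false);` with a comment, `// OAuth did not exist in the legacy configuration; leave it disabled until configured explicitly`, unless the OAuth endpoint refuses requests without further configuration (not visible here). The organization URL change to `http://testorganisation.at` in the `@@ -188` hunk is a placeholder in generated configuration — a comment marking it as such would stop it being mistaken for a real default.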
@@ -79,8 +79,8 @@ </xsd:simpleType> <xsd:complexType name="StorkAttribute"> <xsd:sequence> - <xsd:element name="name" type="xsd:string"></xsd:element> - <xsd:element name="mandatory" type="xsd:boolean"></xsd:element> + <xsd:element name="name" type="xsd:string"/> + <xsd:element name="mandatory" type="xsd:boolean"/> </xsd:sequence> </xsd:complexType> <xsd:simpleType name="LoginType"> @@ -281,6 +281,9 @@ <xsd:sequence> <xsd:element name="SAML1" minOccurs="0"> <xsd:complexType> + <xsd:sequence> + <xsd:element name="SourceID" type="xsd:string" minOccurs="0" maxOccurs="1"/> + </xsd:sequence> <xsd:attribute name="isActive" type="xsd:boolean" default="false"/> </xsd:complexType> </xsd:element> @@ -860,10 +863,10 @@ <xsd:element ref="SAMLSigningParameter"/> </xsd:sequence> <xsd:sequence> - <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0" /> + <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0"/> </xsd:sequence> <xsd:sequence> - <xsd:element ref="Attributes" maxOccurs="unbounded" minOccurs="0" /> + <xsd:element ref="Attributes" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:complexType> @@ -926,15 +929,14 @@ </xsd:sequence> </xsd:complexType> </xsd:element> - <xsd:element name="OA_STORK"> - <xsd:complexType> + <xsd:element name="OA_STORK"> + <xsd:complexType> <xsd:sequence> - <xsd:element name="StorkLogonEnabled" - type="xsd:boolean" /> - <xsd:element ref="Qaa" maxOccurs="1" minOccurs="0"></xsd:element> - <xsd:element ref="OAAttributes" maxOccurs="unbounded" minOccurs="0"></xsd:element> + <xsd:element name="StorkLogonEnabled" type="xsd:boolean"/> + <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1"/> + <xsd:element ref="OAAttributes" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> - </xsd:complexType> + </xsd:complexType> </xsd:element> <xsd:element name="Contact"> <xsd:complexType> 
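Review bot: The new `SourceID` element in the `@@ -281` hunk is an unconstrained `xsd:string`, while the web tool separately rejects values containing potential XSS characters (MOAConfigValidator in this commit); if the SourceID has a defined format, an `xsd:restriction` with `maxLength` or `pattern` would enforce it for every producer of the file, not only the web form. An `xsd:annotation`/`xsd:documentation` child explaining what the SourceID is used for would also help, since the element name alone does not say.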
@@ -997,17 +999,13 @@ <xsd:element name="OnlyMandateLoginAllowed" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> </xsd:sequence> </xsd:complexType> - - <xsd:element name="Attributes" type="StorkAttribute"></xsd:element> - - <xsd:element name="Qaa" type="QualityAuthenticationAssuranceLevelType"></xsd:element> - - <xsd:complexType name="OAStorkAttribute"> - <xsd:sequence> - <xsd:element name="mandatory" type="xsd:boolean"></xsd:element> - <xsd:element name="name" type="xsd:string"></xsd:element> - </xsd:sequence> - </xsd:complexType> - - <xsd:element name="OAAttributes" type="OAStorkAttribute"></xsd:element> + <xsd:element name="Attributes" type="StorkAttribute"/> + <xsd:element name="Qaa" type="QualityAuthenticationAssuranceLevelType"/> + <xsd:complexType name="OAStorkAttribute"> + <xsd:sequence> + <xsd:element name="mandatory" type="xsd:boolean"/> + <xsd:element name="name" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="OAAttributes" type="OAStorkAttribute"/> </xsd:schema> |