aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java26
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java14
-rw-r--r--spss/server/serverlib/pom.xml16
6 files changed, 93 insertions, 41 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index e988cc292..150cd959e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -82,9 +82,7 @@ public class OATargetConfiguration implements IOnlineApplicationData {
*/
@Override
public List<String> parse(OnlineApplication dbOA,
- AuthenticatedUser authUser, HttpServletRequest request) {
- subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector());
-
+ AuthenticatedUser authUser, HttpServletRequest request) {
String target_full = dbOA.getTarget();
if (MiscUtil.isNotEmpty(target_full)) {
if (TargetValidator.isValidTarget(target_full)) {
@@ -95,8 +93,10 @@ public class OATargetConfiguration implements IOnlineApplicationData {
if (TargetValidator.isValidTarget(target_split[0])) {
target = target_split[0];
- if (target_split.length > 1)
+ if (target_split.length > 1) {
target_subsector = target_split[1];
+ subTargetSet = true;
+ }
} else {
target = "";
@@ -367,4 +367,22 @@ public class OATargetConfiguration implements IOnlineApplicationData {
public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
this.deaktivededBusinessService = deaktivededBusinessService;
}
+
+
+ /**
+ * @return the subTargetSet
+ */
+ public boolean isSubTargetSet() {
+ return subTargetSet;
+ }
+
+
+ /**
+ * @param subTargetSet the subTargetSet to set
+ */
+ public void setSubTargetSet(boolean subTargetSet) {
+ this.subTargetSet = subTargetSet;
+ }
+
+
}
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index 261966a86..b8bd1dc02 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -46,8 +46,8 @@
</s:select>
</s:else>
- <s:checkbox name="subTargetSet"
- value="%{subTargetSet}"
+ <s:checkbox name="targetConfig.subTargetSet"
+ value="%{targetConfig.subTargetSet}"
labelposition="left"
key="webpages.oaconfig.general.target.subsector.checkbox"
cssClass="checkbox"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 17d6898ee..ddcc6e1d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
@@ -76,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -239,11 +241,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
attributs = reqQueryAttr;
//IDP is a service provider IDP and request interfederated IDP to collect attributes
- } else {
-
- //TODO: check if response include attributes and map this attributes to requested attributes
- //TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
-
+ } else {
//get PVP 2.1 attributes from protocol specific requested attributes
attributs = req.getRequestedAttributes();
@@ -255,44 +253,52 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
}
+
+
+ //TODO: check if response include attributes and map this attributes to requested attributes
+ //TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
+ Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+ AssertionAttributeExtractor extractor =
+ new AssertionAttributeExtractor(intfResp);
- //build attributQuery request
- AttributeQuery query =
- AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+ if (!extractor.containsAllRequiredAttributes()) {
+ //build attributQuery request
+ AttributeQuery query =
+ AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
- //build SOAP request
- List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
- if (xmlObjects.size() == 0) {
- Logger.error("Receive emptry AttributeQuery response-body.");
- throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
- }
+ }
- if (xmlObjects.get(0) instanceof Response) {
- Response intfResp = (Response) xmlObjects.get(0);
+ if (xmlObjects.get(0) instanceof Response) {
+ intfResp = (Response) xmlObjects.get(0);
- //validate PVP 2.1 response
- try {
- SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ //validate PVP 2.1 response
+ try {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
- SAMLVerificationEngine.validateAssertion(intfResp, false);
+ SAMLVerificationEngine.validateAssertion(intfResp, false);
- } catch (Exception e) {
- Logger.warn("PVP 2.1 assertion validation FAILED.", e);
- throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
- }
-
- //parse response information to authData
- buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
-
- } else {
- Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
- throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+ }
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+ }
}
-
+ //parse response information to authData
+ buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
+
} catch (SOAPException e) {
throw new BuildException("builder.06", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 0d34fcb87..1e38bd4ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -269,7 +269,7 @@ public class DispatcherServlet extends AuthServlet{
info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
moduleAction = info.getAction(protocolRequest.requestedAction());
- //create interfederated mOASession
+ //create interfederated MOASession
String sessionID =
AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
req.getParameterMap().put(PARAM_SESSIONID, sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index ee0088576..9aadfdc28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.util.List;
import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
@@ -54,6 +55,19 @@ public class AssertionAttributeExtractor {
throw new AssertionAttributeExtractorExeption();
}
+ public boolean containsAllRequiredAttributes() {
+ //TODO: add default attribute list
+ return containsAllRequiredAttributes(null);
+
+ }
+
+ public boolean containsAllRequiredAttributes(List<Attribute> attributs) {
+ //TODO: add validation
+ return false;
+
+ }
+
+
public String getNameID() throws AssertionAttributeExtractorExeption {
if (assertion.getSubject() != null) {
Subject subject = assertion.getSubject();
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index f762ecdf6..3ee362890 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -144,7 +144,21 @@
<dependency>
<groupId>iaik</groupId>
- <artifactId>iaik_tsl</artifactId>
+ <artifactId>iaik_tsl</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>iaik_pki_module</artifactId>
+ <groupId>iaik</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>iaik_ecc_signed</artifactId>
+ <groupId>iaik</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>iaik_jce_eval_signed</artifactId>
+ <groupId>iaik</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>iaik</groupId>