summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml16
-rw-r--r--id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java2
4 files changed, 133 insertions, 8 deletions
diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
index e6a29ea18..75245d8f0 100644
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
@@ -33,5 +33,21 @@
</configuration>
</instance>
+ <instance name="VIDP">
+ <!-- Configurations parameters StorkSamlEngine -->
+ <configuration name="SamlEngineConf">
+ <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" />
+ </configuration>
+
+ <!-- Settings module signature-->
+ <configuration name="SignatureConf">
+ <!-- Specific signature module -->
+ <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
+ <!-- Settings specific module -->
+ <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
+ </configuration>
+ </instance>
+
+
</instances>
diff --git a/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
new file mode 100644
index 000000000..fb786529a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SAML constants for AuthnRequests and Responses.</comment>
+
+ <!--
+ Types of consent obtained from the user for this authentication and
+ data transfer.
+ Allow values: 'unspecified'.
+ -->
+ <entry key="consentAuthnRequest">unspecified</entry>
+
+ <!--
+ Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
+ -->
+ <entry key="consentAuthnResponse">obtained</entry>
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ -->
+ <entry key="formatEntity">entity</entry>
+
+ <!--Only HTTP-POST binding is only supported for inter PEPS-->
+ <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+ <entry key="protocolBinding">HTTP-POST</entry>
+
+
+
+
+ <!--URI representing the classification of the identifier
+ Allow values: 'entity'.
+ <entry key="eIDSectorShare">true</entry>
+ <entry key="eIDCrossSectorShare">true</entry>
+ <entry key="eIDCrossBorderShare">true</entry>
+ -->
+
+
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="friendlyName">false</entry>
+
+ <!-- A friendly name for the attribute that can be displayed to a user -->
+ <entry key="isRequired">true</entry>
+
+ <!--PEPS in the Service Provider's country-->
+ <entry key="requester">http://S-PEPS.gov.xx</entry>
+
+ <!--PEPS in the citizen's origin country-->
+ <entry key="responder">http://C-PEPS.gov.xx</entry>
+
+ <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+ <entry key="timeNotOnOrAfter">300</entry>
+
+ <!--Validation IP of the response-->
+ <entry key="ipAddrValidation">false</entry>
+
+
+ <!--Subject Attribute Definitions-->
+ <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+ <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+ <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+ <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+ <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+ <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+ <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+ <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+ <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+ <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
+ <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+ <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
+ <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+ <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+ <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+
+ <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+ <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+
+ <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+ <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+
+ <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+ <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
+
+ <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
+ <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
+ <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
+ <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
+ <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
+ <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
+
+</properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index bc5a0c0c6..57c68e94c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -69,6 +69,7 @@ public class AttributeCollector implements IAction {
} catch (UnsupportedAttributeException e1) {
// the current provider cannot find anything familiar within the
// provided httpreq. Try the next one.
+ // TODO check the loop
}
if (null == newAttributes) {
@@ -89,6 +90,8 @@ public class AttributeCollector implements IAction {
throw new MOAIDException("stork.11", null);
}
+
+
// - insert the embedded attribute(s) into the container
for (PersonalAttribute current : newAttributes)
container.getResponse().getPersonalAttributeList().add(current);
@@ -117,6 +120,7 @@ public class AttributeCollector implements IAction {
if (!responseAttributeList.containsKey(current))
missingAttributes.add(current);
+ // Try to get all missing attributes
try {
// for each attribute still missing
for (PersonalAttribute currentAttribute : missingAttributes) {
@@ -138,6 +142,16 @@ public class AttributeCollector implements IAction {
}
}
+
+ // build response
+ generateSTORKResponse();
+
+ // set new http response
+ generateRedirectResponse();
+ response = httpResp;
+
+ return "12345"; // AssertionId
+
} catch (ExternalAttributeRequestRequiredException e) {
// the attribute request is ongoing and requires an external service.
try {
@@ -145,6 +159,13 @@ public class AttributeCollector implements IAction {
// - generate new key
String newArtifactId = new SecureRandomIdentifierGenerator()
.generateIdentifier();
+ // - put container in temporary store.
+ AssertionStorage.getInstance().put(newArtifactId, container);
+
+ // add container-key to redirect embedded within the return URL
+ e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam);
+
+
} catch (Exception e1) {
// TODO should we return the response as is to the PEPS?
Logger.error("Error putting incomplete Stork response into temporary storage", e);
@@ -154,14 +175,7 @@ public class AttributeCollector implements IAction {
return "12345"; // TODO what to do here?
}
- // build response
- generateSTORKResponse();
-
- // set new http response
- generateRedirectResponse();
- response = httpResp;
- return "12345"; // AssertionId
}
@@ -171,7 +185,7 @@ public class AttributeCollector implements IAction {
try {
//Get SAMLEngine instance
- STORKSAMLEngine engine = STORKSAMLEngine.getInstance("vidp");
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
Logger.debug("Starting generation of SAML response");
authnResponse = engine.generateSTORKAuthnResponse(authnRequest, authnResponse, container.getRemoteAddress(), false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index b3f009ae2..d4996c26a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -105,6 +105,8 @@ public class AuthenticationRequest implements IAction {
// - memorize the target url were we have to return the result
container.setTarget(((MOASTORKAuthnRequest) req).getStorkAuthnRequest().getAssertionConsumerServiceURL());
+ container.setRemoteAddress(httpReq.getRemoteAddr());
+
Logger.debug("Data container prepared");
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-30 18:09:34 +0000