aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java9
-rw-r--r--id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd31
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd31
4 files changed, 74 insertions, 1 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 129478270..2a4e3b362 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -394,6 +394,12 @@ public interface Constants {
public static final String SAML2_METADATA_SCHEMA_LOCATION =
SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd";
+
+ /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/
+ public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
+ public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions";
+ public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
+
/**
* Contains all namespaces and local schema locations for XML schema
* definitions relevant for MOA. For use in validating XML parsers.
@@ -427,7 +433,8 @@ public interface Constants {
+ (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ")
+ (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ")
+ (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ")
- + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION);
+ + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION)
+ + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
/** URN prefix for bPK and wbPK. */
public static final String URN_PREFIX = "urn:publicid:gv.at";
diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd
new file mode 100644
index 000000000..76b82a267
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:eidas="http://eidas.europa.eu/saml-extensions" targetNamespace="http://eidas.europa.eu/saml-extensions" elementFormDefault="qualified" attributeFormDefault="unqualified">
+
+ <xsd:element name="SPType" type="eidas:SPTypeType"/>
+ <xsd:simpleType name="SPTypeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="public"/>
+ <xsd:enumeration value="private"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+
+ <xsd:element name="RequestedAttributes" type="eidas:RequestedAttributesType"/>
+ <xsd:complexType name="RequestedAttributesType">
+ <xsd:sequence>
+ <xsd:element minOccurs="0" maxOccurs="unbounded" ref="eidas:RequestedAttribute"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:element name="RequestedAttribute" type="eidas:RequestedAttributeType"/>
+ <xsd:complexType name="RequestedAttributeType">
+ <xsd:sequence>
+ <xsd:element name="AttributeValue" minOccurs="0" maxOccurs="unbounded" type="xsd:anyType"/>
+ </xsd:sequence>
+ <xsd:attribute name="Name" type="xsd:string" use="required"/>
+ <xsd:attribute name="NameFormat" type="xsd:anyURI" use="required" />
+ <xsd:attribute name="isRequired" type="xsd:boolean" use="required"/>
+ <xsd:attribute name="FriendlyName" type="xsd:string" use="optional"/>
+ <xsd:anyAttribute namespace="##other" processContents="lax" />
+ </xsd:complexType>
+
+</xsd:schema>
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index d469ca28c..02a5df098 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -28,6 +28,7 @@ import java.net.URL;
import java.util.HashMap;
import java.util.Map;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLConfigurator;
@@ -107,6 +108,9 @@ public class SAMLEngineUtils {
//overwrite eIDAS response validator suite because Condition-Valitator has not time jitter
initOpenSAMLConfig("own-saml-eidasnode-config.xml");
+ //add eIDAS specific SAML2 extensions to eIDAS Schema validatior
+ SAMLSchemaBuilder.addExtensionSchema(
+ at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
eIDASEngine = engine;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd b/id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd
new file mode 100644
index 000000000..76b82a267
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:eidas="http://eidas.europa.eu/saml-extensions" targetNamespace="http://eidas.europa.eu/saml-extensions" elementFormDefault="qualified" attributeFormDefault="unqualified">
+
+ <xsd:element name="SPType" type="eidas:SPTypeType"/>
+ <xsd:simpleType name="SPTypeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="public"/>
+ <xsd:enumeration value="private"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+
+ <xsd:element name="RequestedAttributes" type="eidas:RequestedAttributesType"/>
+ <xsd:complexType name="RequestedAttributesType">
+ <xsd:sequence>
+ <xsd:element minOccurs="0" maxOccurs="unbounded" ref="eidas:RequestedAttribute"/>
+ </xsd:sequence>
+ </xsd:complexType>
+
+ <xsd:element name="RequestedAttribute" type="eidas:RequestedAttributeType"/>
+ <xsd:complexType name="RequestedAttributeType">
+ <xsd:sequence>
+ <xsd:element name="AttributeValue" minOccurs="0" maxOccurs="unbounded" type="xsd:anyType"/>
+ </xsd:sequence>
+ <xsd:attribute name="Name" type="xsd:string" use="required"/>
+ <xsd:attribute name="NameFormat" type="xsd:anyURI" use="required" />
+ <xsd:attribute name="isRequired" type="xsd:boolean" use="required"/>
+ <xsd:attribute name="FriendlyName" type="xsd:string" use="optional"/>
+ <xsd:anyAttribute namespace="##other" processContents="lax" />
+ </xsd:complexType>
+
+</xsd:schema>