2 files changed, 67 insertions, 88 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 51f3cf4a7..9def5d22c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -86,7 +86,7 @@ import at.gv.egovernment.moa.util.Constants;  public class PVP2AssertionBuilder implements PVPConstants {  	public static Assertion buildAssertion(AuthnRequest authnRequest, -			AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date) +			AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService)  			throws MOAIDException {  		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); 
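Review bot: The new `assertionConsumerService` parameter on `buildAssertion` is undocumented and is not null-checked at entry, although the method later calls `assertionConsumerService.getLocation()` to set the SubjectConfirmationData Recipient, so a null argument would surface as an NPE deep in assertion building rather than at the method boundary. I would add a Javadoc line `@param assertionConsumerService the SP's AssertionConsumerService as resolved from its metadata (never from the request body); its Location becomes the assertion Recipient` and an explicit null check at the top of the method that fails with a MOAIDException. The body of buildAssertion continues well past this hunk.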
@@ -151,28 +151,6 @@ public class PVP2AssertionBuilder implements PVPConstants {  				throw new QAANotSupportedException(STORK_QAA_1_4);  			}  		} - -//		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() -//				.iterator(); -//		 -//		StringBuilder authContextsb = new StringBuilder(); -//		 -//		while (reqAuthnContextClassRefIt.hasNext()) { -//			AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt -//					.next(); -//			String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( -//					"\\s+"); -//			for (int i = 0; i < qaa_uris.length; i++) { -//				if (qaa_uris[i].trim().equals(STORK_QAA_1_4) -//						|| qaa_uris[i].trim().equals(STORK_QAA_1_3) -//						|| qaa_uris[i].trim().equals(STORK_QAA_1_2) -//						|| qaa_uris[i].trim().equals(STORK_QAA_1_1)) { -//					authContextsb.append(qaa_uris[i].trim()); -//					authContextsb.append(" "); -//				} -//			} -// -//		}  		AuthnContext authnContext = SAML2Utils  				.createSAMLObject(AuthnContext.class); @@ -191,14 +169,6 @@ public class PVP2AssertionBuilder implements PVPConstants {  		SPSSODescriptor spSSODescriptor = peerEntity  				.getSPSSODescriptor(SAMLConstants.SAML20P_NS); -		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); -		int idx = 0; - -		if (aIdx != null) { -			idx = aIdx.intValue(); -			 -		}  -  		AttributeStatement attributeStatement = SAML2Utils  				.createSAMLObject(AttributeStatement.class); 
@@ -208,34 +178,52 @@ public class PVP2AssertionBuilder implements PVPConstants {  				.buildAuthenticationData(authSession, oaParam,  						oaParam.getTarget()); +		//add Attributes to Assertion  		if (spSSODescriptor.getAttributeConsumingServices() != null &&   				spSSODescriptor.getAttributeConsumingServices().size() > 0) { -			AttributeConsumingService attributeConsumingService = spSSODescriptor -					.getAttributeConsumingServices().get(idx); +			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); +			int idx = 0; + +			AttributeConsumingService attributeConsumingService = null; -			Iterator<RequestedAttribute> it = attributeConsumingService -					.getRequestAttributes().iterator(); -			while (it.hasNext()) { -				RequestedAttribute reqAttribut = it.next(); -				try { -					Attribute attr = PVPAttributeBuilder.buildAttribute( -							reqAttribut.getName(), authSession, oaParam, authData); -					if (attr == null) { +			if (aIdx != null) { +				idx = aIdx.intValue(); +				attributeConsumingService = spSSODescriptor +						.getAttributeConsumingServices().get(idx); +				 +			} else { +				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); +				for (AttributeConsumingService el : attrConsumingServiceList) { +					if (el.isDefault()) +						attributeConsumingService = el; +				}				 +			} +				 +			if (attributeConsumingService != null) { +				Iterator<RequestedAttribute> it = attributeConsumingService +						.getRequestAttributes().iterator(); +				while (it.hasNext()) { +					RequestedAttribute reqAttribut = it.next(); +					try { +						Attribute attr = PVPAttributeBuilder.buildAttribute( +								reqAttribut.getName(), authSession, oaParam, authData); +						if (attr == null) { +							if (reqAttribut.isRequired()) { +								throw new UnprovideableAttributeException( +										reqAttribut.getName()); +							} +						} else { +							attributeStatement.getAttributes().add(attr); +						} +	
				} catch (PVP2Exception e) { +						Logger.error( +								"Attribute generation failed! for " +										+ reqAttribut.getFriendlyName(), e);  						if (reqAttribut.isRequired()) {  							throw new UnprovideableAttributeException(  									reqAttribut.getName());  						} -					} else { -						attributeStatement.getAttributes().add(attr); -					} -				} catch (PVP2Exception e) { -					Logger.error( -							"Attribute generation failed! for " -									+ reqAttribut.getFriendlyName(), e); -					if (reqAttribut.isRequired()) { -						throw new UnprovideableAttributeException( -								reqAttribut.getName());  					}  				}  			} @@ -358,16 +346,8 @@ public class PVP2AssertionBuilder implements PVPConstants {  				.createSAMLObject(SubjectConfirmationData.class);  		subjectConfirmationData.setInResponseTo(authnRequest.getID());  		subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5)); -		 -		//TL: change from entityID to destination URL  -		AssertionConsumerService consumerService = spSSODescriptor -				.getAssertionConsumerServices().get(idx); - -		if (consumerService == null) { -			throw new InvalidAssertionConsumerServiceException(idx); -		} -		 -		subjectConfirmationData.setRecipient(consumerService.getLocation()); +				 +		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());  		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); @@ -383,7 +363,6 @@ public class PVP2AssertionBuilder implements PVPConstants {  		conditions.setNotBefore(date);  		conditions.setNotOnOrAfter(date.plusMinutes(5)); -//		conditions.setNotOnOrAfter(new DateTime());  		conditions.getAudienceRestrictions().add(audienceRestriction); 
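Review bot: In the `if (aIdx != null)` branch the request-supplied AttributeConsumingServiceIndex is passed straight to `getAttributeConsumingServices().get(idx)`, so a value outside the list bounds ends in an unhandled IndexOutOfBoundsException instead of a MOAIDException, and the list position is not the same thing as the SAML `index` attribute of the AttributeConsumingService element, so a well-formed request can select the wrong service. The `else` branch keeps the last element flagged default rather than the first and, when the SP metadata flags none, leaves `attributeConsumingService` null so that the `if (attributeConsumingService != null)` guard silently issues an assertion without any attributes, which also bypasses the `isRequired()` enforcement below. I would resolve the service by matching the index attribute, fall back to the first default (then the first entry, which the enclosing size check guarantees exists), and fail loudly when a requested index is unknown; whether OpenSAML's `isDefault()` can return null here I cannot tell from this hunk, so that unboxing is worth a look too.
```java
			AttributeConsumingService attributeConsumingService = null;
			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
			List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();

			if (aIdx != null) {
				// match the SAML 'index' attribute; never hand a request-supplied value to List.get()
				for (AttributeConsumingService el : attrConsumingServiceList) {
					if (aIdx.intValue() == el.getIndex()) {
						attributeConsumingService = el;
						break;
					}
				}
				if (attributeConsumingService == null) {
					Logger.error("AuthnRequest references unknown AttributeConsumingServiceIndex " + aIdx);
					// TODO(review): reject with a MOAIDException here instead of silently issuing an attribute-less assertion
				}
			} else {
				for (AttributeConsumingService el : attrConsumingServiceList) {
					if (el.isDefault()) {
						attributeConsumingService = el;
						break; // first isDefault="true" wins
					}
				}
				if (attributeConsumingService == null) {
					// no element flagged default: the first entry is the default per SAML metadata
					attributeConsumingService = attrConsumingServiceList.get(0);
				}
			}
			// … unchanged: RequestedAttribute loop building the AttributeStatement …
```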
@@ -391,8 +370,6 @@ public class PVP2AssertionBuilder implements PVPConstants {  		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); -		//TODO: check! -		//change to entity value from entity name to IDP EntityID (URL)  		issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());  		issuer.setFormat(NameID.ENTITY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index b6ab357b8..7bf188e53 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java 
@@ -85,12 +85,35 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  			throw new MOAIDException("pvp2.13", null);  		} +		//get basic information  		AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); -		EntityDescriptor peerEntity = obj.getEntityMetadata(); +		EntityDescriptor peerEntity = obj.getEntityMetadata();		 +		SPSSODescriptor spSSODescriptor = peerEntity +				.getSPSSODescriptor(SAMLConstants.SAML20P_NS); +		 +		//get AssertionConsumingService +		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); +		int idx = 0; + +		if (aIdx != null) { +			idx = aIdx.intValue(); +			 +		} else {				 +			idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); +		} + +		AssertionConsumerService consumerService = spSSODescriptor +				.getAssertionConsumerServices().get(idx); + +		if (consumerService == null) {			 +			throw new InvalidAssertionConsumerServiceException(idx); +			 +		}  		DateTime date = new DateTime(); -		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date); +		//build Assertion +		Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService);  		Response authResponse = SAML2Utils.createSAMLObject(Response.class); 
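Review bot: `getAssertionConsumerServices().get(idx)` is fed by `authnRequest.getAssertionConsumerServiceIndex()`, a value under the requester's control, and `List.get` never returns null, so the following `consumerService == null` check that is meant to raise InvalidAssertionConsumerServiceException is effectively dead while an out-of-range index escapes as an unhandled IndexOutOfBoundsException; these lines were moved by this commit rather than introduced, but the response endpoint is now chosen here before the assertion is built, so it is the place to fix it. The SAML `index` attribute of an AssertionConsumerService is also not guaranteed to equal its position in the metadata list, so a valid index can select a different endpoint or binding than the SP asked for (still one from its metadata, so not an open redirect, but wrong nonetheless). I would look the service up by its index attribute and throw the existing exception when nothing matches; whether `SAML2Utils.getDefaultAssertionConsumerServiceIndex` returns a list position or an index attribute I cannot tell from here, and it would need to agree with whichever lookup is used.
```java
		AssertionConsumerService consumerService = null;
		for (AssertionConsumerService el : spSSODescriptor.getAssertionConsumerServices()) {
			// compare with the SAML 'index' attribute, not the list position
			Integer elIdx = el.getIndex();
			if (elIdx != null && elIdx.intValue() == idx) {
				consumerService = el;
				break;
			}
		}

		if (consumerService == null) {
			throw new InvalidAssertionConsumerServiceException(idx);
		}
		// … unchanged: DateTime date / buildAssertion call …
```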
@@ -111,28 +134,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  		authResponse.setIssueInstant(date);  		authResponse.setStatus(SAML2Utils.getSuccessStatus()); - -		SPSSODescriptor spSSODescriptor = peerEntity -				.getSPSSODescriptor(SAMLConstants.SAML20P_NS); -		 -		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); -		int idx = 0; - -		if (aIdx != null) { -			idx = aIdx.intValue(); -			 -		} else {				 -			idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); -		} - -		AssertionConsumerService consumerService = spSSODescriptor -				.getAssertionConsumerServices().get(idx); - -		if (consumerService == null) {			 -			throw new InvalidAssertionConsumerServiceException(idx); -			 -		} -		 +				  		String oaURL = consumerService.getLocation();  		//check, if metadata includes an encryption key				 | 
