-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java17
1 files changed, 12 insertions, 5 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index 9d397074b..7b159c73d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -208,7 +208,12 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
if (!StringUtils.isEmpty(params.getAssertionConsumerUrl())) {
addAssertionConsumerService();
}
- fillNameIDFormat(spSSODescriptor);
+
+ //FIX: Austrian eIDAS node SP only needs persistent identifiers
+ NameIDFormat persistentFormat =
+ (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
+ persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
+ spSSODescriptor.getNameIDFormats().add(persistentFormat);
/**FIXME:
* Double signing of SPSSODescribtor is not required
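Review bot: Advertising only the persistent format in the SP metadata is declarative, so the restriction named in the `//FIX` comment holds only if the response-handling code also rejects assertions whose NameID carries a different Format. That check is not visible in this diff and should be confirmed. The four added lines also repeat the opening of `fillIDPNameIDFormat` (second hunk) verbatim; a small private helper taking the descriptor and a `SamlNameIdFormat` would keep the SP and IDP lists built the same way. The comment would be clearer as a statement of the rule, e.g. `// SP role: advertise persistent NameID only; transient/unspecified are offered by the IDP role`. The enclosing method starts and ends outside the hunk.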
@@ -221,8 +226,8 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
entityDescriptor.getRoleDescriptors().add(spSSODescriptor);
}
-
- private void fillNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
+
+ private void fillIDPNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException {
NameIDFormat persistentFormat =
(NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME);
persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat());
@@ -269,7 +274,9 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
.add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION));
}
idpSSODescriptor.addSupportedProtocol(params.getIdpSamlProtocol());
- fillNameIDFormat(idpSSODescriptor);
+
+ //Austrian eIDAS node IDP can provided persistent, transient, and unspecified identifiers
+ fillIDPNameIDFormat(idpSSODescriptor);
if (params.getIdpEngine() != null) {
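Review bot: The comment added above the `fillIDPNameIDFormat(idpSSODescriptor)` call has a typo ("can provided") and documents the helper's behaviour at the call site instead of on the helper. Only the persistent format is visible in the second hunk, so the "transient, and unspecified" part cannot be checked from this diff. I would correct the line to `// Austrian eIDAS node IDP can provide persistent, transient, and unspecified identifiers` and move the list of formats into a Javadoc on `fillIDPNameIDFormat`, with a sentence on why unspecified is offered. The enclosing method continues outside the hunk.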
@@ -298,7 +305,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
}
- /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
+ /* FIX: Work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata
* If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more.
*/
public ImmutableSortedSet<AttributeDefinition<?>> getAllSupportedAttributes() {