6 files changed, 220 insertions, 145 deletions
| diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 95347c265..09069ac7f 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -174,6 +174,14 @@ public class Configuration {  	} +	public boolean useRedirectBindingRequest() { +		return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.req.redirect", "true")); +	} +	 +	public boolean useRedirectBindingResponse() { +		return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.resp.redirect", "false")); +	} +	  	public void initializePVP2Login() throws ConfigurationException {  		if (!pvp2logininitialzied)  			initalPVP2Login(); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java index d6d2b32da..00e7c3619 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java @@ -34,4 +34,5 @@ public class Constants {  	public static final String SESSION_NAMEID = "pvp2nameID";  	public static final String SESSION_NAMEIDFORMAT = "pvp2nameIDFormat"; +		  } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 2641797ed..4c909ff80 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java 
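Review bot: `useRedirectBindingRequest()` and `useRedirectBindingResponse()` carry no Javadoc although their defaults differ (`"true"` for the request, `"false"` for the response) and the response flag selects the non-standard Redirect-binding consumer index in Authenticate, none of which is visible from the property names alone. A Javadoc such as `/** Whether the AuthnRequest is sent via HTTP-Redirect (property general.login.pvp2.binding.req.redirect, default true); HTTP-POST otherwise. */` on the first, and one stating that the second switches the requested AssertionConsumerService to the Redirect-binding endpoint (default false), would document the switches. The enclosing class continues outside the hunk.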
@@ -34,11 +34,15 @@ import javax.xml.parsers.DocumentBuilder;  import javax.xml.parsers.DocumentBuilderFactory;  import javax.xml.parsers.ParserConfigurationException; +import org.apache.commons.lang3.RandomUtils; +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants;  import org.joda.time.DateTime;  import org.opensaml.common.SAMLObject;  import org.opensaml.common.binding.BasicSAMLMessageContext;  import org.opensaml.common.impl.SecureRandomIdentifierGenerator;  import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;  import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;  import org.opensaml.saml2.core.AuthnContextClassRef;  import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; @@ -107,8 +111,13 @@ public class Authenticate extends HttpServlet {  			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();  			authReq.setID(gen.generateIdentifier()); +			String relayState = String.valueOf(RandomUtils.nextLong()); -			authReq.setAssertionConsumerServiceIndex(0); +			if (config.useRedirectBindingResponse()) +				authReq.setAssertionConsumerServiceIndex(1); +			else +				authReq.setAssertionConsumerServiceIndex(0); +				  			authReq.setAttributeConsumingServiceIndex(0);  			authReq.setIssueInstant(new DateTime()); 
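Review bot: `String relayState = String.valueOf(RandomUtils.nextLong());` draws the RelayState from commons-lang's non-cryptographic `java.util.Random`, while the line just above already uses `SecureRandomIdentifierGenerator` for the request ID; `String relayState = gen.generateIdentifier();` yields an unpredictable value from the same source without a new dependency. As far as the diff shows, neither the RelayState nor `authReq.getID()` is stored in the session, so the response side has nothing to match a returned RelayState or `InResponseTo` against; storing both in the session here is what would make that check possible. The enclosing method continues outside the hunk.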
@@ -152,17 +161,24 @@ public class Authenticate extends HttpServlet {  			for (SingleSignOnService sss :   					idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { -//				//Get the service address for the binding you wish to use -//				if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {  -//					redirectEndpoint = sss;   -//				} +				//Get the service address for the binding you wish to use +				if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config.useRedirectBindingRequest()) {  +					redirectEndpoint = sss;   +				}  				//Get the service address for the binding you wish to use -				if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {  +				if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config.useRedirectBindingRequest()) {   					redirectEndpoint = sss;    				}    			} +			 +			if (redirectEndpoint == null) { +				log.warn("Can not find valid EndPoint for SAML2 response"); +				throw new ConfigurationException("Can not find valid EndPoint for SAML2 response"); +				 +			} +			  			authReq.setDestination(redirectEndpoint.getLocation());  			//authReq.setDestination("http://test.test.test"); 
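Review bot: The new warn and exception text `Can not find valid EndPoint for SAML2 response` is emitted while selecting the SingleSignOnService for the outgoing AuthnRequest, so it points a reader at the wrong side of the exchange; `throw new ConfigurationException("No SingleSignOnService endpoint for the configured binding found in IdP metadata");` (with the same text in the `log.warn`) names what was actually missing. The loop also keeps overwriting `redirectEndpoint` without a `break`, so when the metadata lists the same binding twice the last entry silently wins; a `break;` in each matching branch makes the choice explicit. The enclosing method continues outside the hunk.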
@@ -195,49 +211,54 @@ public class Authenticate extends HttpServlet {  			signer.setSigningCredential(authcredential);  			authReq.setSignature(signer); -			//generate Http-POST Binding message -//			VelocityEngine engine = new VelocityEngine(); -//			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); -//			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); -//			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); -//			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); -//			engine.setProperty("classpath.resource.loader.class", -//					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); -//			engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, -//					"org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); -//			engine.init(); -// -//			HTTPPostEncoder encoder = new HTTPPostEncoder(engine, -//					"templates/pvp_postbinding_template.html"); -//			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( -//					response, true); -//			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); -//			SingleSignOnService service = new SingleSignOnServiceBuilder() -//					.buildObject(); -//			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); -//			service.setLocation(redirectEndpoint.getLocation());; -//			 -//			context.setOutboundSAMLMessageSigningCredential(authcredential); -//			context.setPeerEntityEndpoint(service); -//			context.setOutboundSAMLMessage(authReq); -//			context.setOutboundMessageTransport(responseAdapter); - -			//generate Redirect Binding message -			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); -			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( -					response, true); -			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, 
SAMLObject>(); -			SingleSignOnService service = new SingleSignOnServiceBuilder() -					.buildObject(); -			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); -			service.setLocation(redirectEndpoint.getLocation()); -			context.setOutboundSAMLMessageSigningCredential(authcredential); -			context.setPeerEntityEndpoint(service); -			context.setOutboundSAMLMessage(authReq); -			context.setOutboundMessageTransport(responseAdapter); -			//context.setRelayState(relayState); -			 -			encoder.encode(context); +		 +			if (!config.useRedirectBindingRequest()) {			 +				//generate Http-POST Binding message +				VelocityEngine engine = new VelocityEngine(); +				engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +				engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +				engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +				engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); +				engine.setProperty("classpath.resource.loader.class", +						"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +				engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +						"org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); +				engine.init(); +	 +				HTTPPostEncoder encoder = new HTTPPostEncoder(engine, +						"templates/pvp_postbinding_template.html"); +				HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( +						response, true); +				BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); +				SingleSignOnService service = new SingleSignOnServiceBuilder() +						.buildObject(); +				service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); +				service.setLocation(redirectEndpoint.getLocation());;				 +				context.setOutboundSAMLMessageSigningCredential(authcredential); +				context.setPeerEntityEndpoint(service); +				context.setOutboundSAMLMessage(authReq); +				
context.setOutboundMessageTransport(responseAdapter); +				context.setRelayState(relayState); +				encoder.encode(context); +				 +			} else { +				//generate Redirect Binding message +				HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); +				HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( +						response, true); +				BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); +				SingleSignOnService service = new SingleSignOnServiceBuilder() +						.buildObject(); +				service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +				service.setLocation(redirectEndpoint.getLocation()); +				context.setOutboundSAMLMessageSigningCredential(authcredential); +				context.setPeerEntityEndpoint(service); +				context.setOutboundSAMLMessage(authReq); +				context.setOutboundMessageTransport(responseAdapter);			 +				context.setRelayState(relayState);				 +				encoder.encode(context); +				 +			}  		} catch (Exception e) {  			log.warn("Authentication Request can not be generated", e); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index 75b54cfc4..d28f94fd6 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java 
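Review bot: The POST branch hard-codes `"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"` while the redirect branch uses `SAMLConstants.SAML2_REDIRECT_BINDING_URI`; `service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);` keeps both branches on the same constant. The same branch sets `RuntimeConstants.ENCODING_DEFAULT` twice and ends `service.setLocation(redirectEndpoint.getLocation());;` with a stray semicolon. Building and `init()`-ing a fresh `VelocityEngine` per request is costly and its configuration is constant, so a lazily initialised static field would be preferable, though the hunk alone does not show how the servlet is instantiated. Apart from the encoder and binding URI the two branches construct the message context identically, so a small private helper taking the binding and encoder would remove the duplicated block. The enclosing try block starts outside the hunk.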
@@ -234,13 +234,20 @@ public class BuildMetadata extends HttpServlet {  			//set HTTP-POST Binding assertion consumer service  			AssertionConsumerService postassertionConsumerService =  -					SAML2Utils.createSAMLObject(AssertionConsumerService.class); -			 +					SAML2Utils.createSAMLObject(AssertionConsumerService.class);			  			postassertionConsumerService.setIndex(0);  			postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);  			postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);		  			spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); +			//set HTTP-Redirect Binding assertion consumer service +			AssertionConsumerService redirectassertionConsumerService =  +					SAML2Utils.createSAMLObject(AssertionConsumerService.class);			 +			redirectassertionConsumerService.setIndex(1); +			redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +			redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);		 +			spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); +			  			//set Single Log-Out service  			SingleLogoutService sloService =  SAML2Utils.createSAMLObject(SingleLogoutService.class);  			sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index cfc170011..31a3be7e2 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java 
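Review bot: The new AssertionConsumerService at index 1 advertises `SAMLConstants.SAML2_REDIRECT_BINDING_URI` as a binding for delivering the SAML Response, but the SAML 2.0 Web Browser SSO profile (section 4.1.2) states the HTTP-Redirect binding must not be used for the IdP's Response, so conforming IdPs will not select it and a signed Response carrying assertions is likely to exceed URL length limits in practice. If this endpoint exists only for the demo IdP, a comment such as `// non-standard: HTTP-Redirect ACS for the demo setup only; the Web Browser SSO profile (4.1.2) requires POST or Artifact` above it would stop the entry from being copied into production metadata. Both services share the same location, so the receiving servlet has to dispatch purely on the HTTP method. The enclosing method continues outside the hunk.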
@@ -38,6 +38,9 @@ import org.opensaml.common.SAMLObject;  import org.opensaml.common.binding.BasicSAMLMessageContext;  import org.opensaml.common.xml.SAMLConstants;  import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; +import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; +import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;  import org.opensaml.saml2.core.Attribute;  import org.opensaml.saml2.core.AttributeStatement;  import org.opensaml.saml2.core.EncryptedAssertion; @@ -46,10 +49,14 @@ import org.opensaml.saml2.core.StatusCode;  import org.opensaml.saml2.encryption.Decrypter;  import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;  import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor;  import org.opensaml.security.MetadataCredentialResolver;  import org.opensaml.security.MetadataCredentialResolverFactory;  import org.opensaml.security.MetadataCriteria;  import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;  import org.opensaml.ws.transport.http.HttpServletRequestAdapter;  import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver;  import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; 
@@ -101,11 +108,40 @@ public class DemoApplication extends HttpServlet {  			return;  		} -		if (method.equals("POST")) { -		 -			try { -				Configuration config = Configuration.getInstance(); +		try { +			Configuration config = Configuration.getInstance(); +			Response samlResponse = null; +			 +			if (method.equals("GET")) { +				HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool()); +				BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); +				 +				messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request)); +				messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); +				 +				messageContext.setMetadataProvider(config.getMetaDataProvier()); +				 +				MetadataCredentialResolver resolver = new MetadataCredentialResolver(config.getMetaDataProvier()); +				List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +				keyInfoProvider.add(new DSAKeyValueProvider()); +				keyInfoProvider.add(new RSAKeyValueProvider()); +				keyInfoProvider.add(new InlineX509DataProvider()); +				KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +						keyInfoProvider); +				ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( +						resolver, keyInfoResolver); +				 +				SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(engine); +				SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); +				BasicSecurityPolicy policy = new BasicSecurityPolicy(); +				policy.getPolicyRules().add(signatureRule); +				policy.getPolicyRules().add(signedRole);		 +				SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy);		 +				messageContext.setSecurityPolicyResolver(resolver1); +				decode.decode(messageContext); +			 +			} else if (method.equals("POST")) {				  				//Decode with HttpPost 
Binding  				HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());  				BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); @@ -114,7 +150,7 @@ public class DemoApplication extends HttpServlet {  							request));  				decode.decode(messageContext); -				Response samlResponse = (Response) messageContext.getInboundMessage(); +				samlResponse = (Response) messageContext.getInboundMessage();  				Signature sign = samlResponse.getSignature();  				if (sign == null) { 
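Review bot: The GET branch never assigns `samlResponse` after `decode.decode(messageContext);`, so for the Redirect binding it stays `null` and the shared `SAML2Utils.asDOMDocument(samlResponse)` below the if/else fails with a NullPointerException that the outer catch reports as an internal error; the POST branch's `samlResponse = (Response) messageContext.getInboundMessage();` is missing here. `messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME)` names the wrong role for the sender of a Response, which is the IdP, so the trust engine resolves keys from the wrong metadata role (`IDPSSODescriptor` is already imported). `SAML2HTTPRedirectDeflateSignatureRule` only validates a signature when the `Signature` query parameter is present and `SAML2AuthnRequestsSignedRule` applies to inbound AuthnRequests, so as written an unsigned Response on the GET path is accepted without the equivalent of the POST path's `sign == null` check; test `messageContext.isInboundSAMLMessageAuthenticated()` after decoding and reject otherwise. The enclosing method starts outside the hunk.
```java
				messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
				// the sender of the Response is the IdP; its signing keys live in the IDPSSODescriptor role
				messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
				// … unchanged: metadata provider, trust engine and security policy setup …
				decode.decode(messageContext);
				// the simple-signature rule skips messages without a Signature parameter, so require authentication explicitly
				if (!messageContext.isInboundSAMLMessageAuthenticated()) {
					bean.setErrorMessage("Die Signatur der SAML2 Response fehlt oder ist ungültig."); // constructed sample text
					setAnser(request, response, bean);
					return;
				}
				samlResponse = (Response) messageContext.getInboundMessage();
```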
@@ -148,116 +184,117 @@ public class DemoApplication extends HttpServlet {  				ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);  				trustEngine.validate(sign, criteriaSet); -				log.info("PVP2 Assertion is valid"); +				log.info("PVP2 Assertion  with POST-Binding is valid"); -				//set assertion -				org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); -				String assertion = DOMUtils.serializeNode(doc);				 -				bean.setAssertion(assertion); +			} else { +				bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); +				setAnser(request, response, bean); +				return; -				if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { +			} -					List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); -					 -					//check encrypted Assertion -					List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); -					if (encryAssertionList != null && encryAssertionList.size() > 0) { -						//decrypt assertions -						 -						log.debug("Found encryped assertion. 
Start decryption ..."); -						 -						KeyStore keyStore = config.getPVP2KeyStore(); -						 -						X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( -								keyStore,  -								config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),  -								config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); -						 -						 -						StaticKeyInfoCredentialResolver skicr = -								  new StaticKeyInfoCredentialResolver(authDecCredential); -						 -						ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); -						encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); -						encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); -						encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); -						 -						Decrypter samlDecrypter = -								new Decrypter(null, skicr, encryptedKeyResolver); -						 -						for (EncryptedAssertion encAssertion : encryAssertionList) {							 -							saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - -						} -						 -						log.debug("Assertion decryption finished. 
"); -						 -					} else { -						saml2assertions = samlResponse.getAssertions(); +			//set assertion +			org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); +			String assertion = DOMUtils.serializeNode(doc);				 +			bean.setAssertion(assertion); +			 +			if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { +		 +				List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); -					} +				//check encrypted Assertion +				List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); +				if (encryAssertionList != null && encryAssertionList.size() > 0) { +					//decrypt assertions -					String givenName = null; -					String familyName = null; -					String birthday = null; +					log.debug("Found encryped assertion. Start decryption ..."); -					for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { -						 -						//loop through the nodes to get what we want -						List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); -						for (int i = 0; i < attributeStatements.size(); i++) -						{ -							List<Attribute> attributes = attributeStatements.get(i).getAttributes(); -							for (int x = 0; x < attributes.size(); x++) -							{ -								String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); +					KeyStore keyStore = config.getPVP2KeyStore(); +					 +					X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( +							keyStore,  +							config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),  +							config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); +					 +					 +					StaticKeyInfoCredentialResolver skicr = +							  new StaticKeyInfoCredentialResolver(authDecCredential); +					 +					ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); +					encryptedKeyResolver.getResolverChain().add( new 
InlineEncryptedKeyResolver() ); +					encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); +					encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); +					 +					Decrypter samlDecrypter = +							new Decrypter(null, skicr, encryptedKeyResolver); +					 +					for (EncryptedAssertion encAssertion : encryAssertionList) {							 +						saml2assertions.add(samlDecrypter.decrypt(encAssertion)); -								if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) -									familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); -								if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) -									givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); -								 -								if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { -									birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); -								}								 -							} -						}						 -						request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, -								saml2assertion.getSubject().getNameID().getFormat()); -						request.getSession().setAttribute(Constants.SESSION_NAMEID,  -								saml2assertion.getSubject().getNameID().getValue()); -						  					} -										 -					bean.setDateOfBirth(birthday); -					bean.setFamilyName(familyName); -					bean.setGivenName(givenName); -					bean.setLogin(true); -										 -					setAnser(request, response, bean); -					return; +					log.debug("Assertion decryption finished. 
");  				} else { -					bean.setErrorMessage("Der Anmeldevorgang wurde abgebrochen.<br>Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion."); -					setAnser(request, response, bean); -					return; +					saml2assertions = samlResponse.getAssertions(); +			 +				} +				 +				String givenName = null; +				String familyName = null; +				String birthday = null; +				 +				for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { +					 +					//loop through the nodes to get what we want +					List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); +					for (int i = 0; i < attributeStatements.size(); i++) +					{ +						List<Attribute> attributes = attributeStatements.get(i).getAttributes(); +						for (int x = 0; x < attributes.size(); x++) +						{ +							String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); + +							if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) +								familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); +							if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) +								givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); +							 +							if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { +								birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue(); +							}								 +						} +					}						 +					request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT, +							saml2assertion.getSubject().getNameID().getFormat()); +					request.getSession().setAttribute(Constants.SESSION_NAMEID,  +							saml2assertion.getSubject().getNameID().getValue());  				} +									 +				bean.setDateOfBirth(birthday); +				bean.setFamilyName(familyName); +				bean.setGivenName(givenName); +				bean.setLogin(true); +									 +				setAnser(request, response, bean); +				return; +				 -			} catch 
(Exception e) { -				log.warn(e); -				bean.setErrorMessage("Internal Error: " + e.getMessage()); +			} else { +				bean.setErrorMessage("Der Anmeldevorgang wurde abgebrochen.<br>Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion.");  				setAnser(request, response, bean);  				return; +				  			} -		} else { -			bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding."); +		} catch (Exception e) { +			log.warn(e); +			bean.setErrorMessage("Internal Error: " + e.getMessage());  			setAnser(request, response, bean);  			return; -			  		} +					  	}	  	private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 971e401ca..bba6d0541 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -43,6 +43,7 @@ public interface IOAAuthParameters {  	public static final String LOCALBKU = "local";  	public static final String INDERFEDERATEDIDP = "interfederated";  	public static final String EIDAS = "eIDAS"; +	public static final String AUTHTYPE_OTHERS = "others";  	/**  	 * Get the full key/value configuration for this online application | 
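Review bot: The else branch's text `Die Demoapplikation unterstützt nur SAML2 POST-Binding.` is now reached only for methods other than GET and POST while the GET branch above handles the Redirect binding, so the message is stale; e.g. `bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST- und Redirect-Binding.");`. The success log `PVP2 Assertion  with POST-Binding is valid` (doubled space) fires only on the POST path, so a validated Redirect-binding Response leaves no corresponding log line; a `log.info("PVP2 Assertion with Redirect-Binding is valid");` after the GET decode would keep the two paths symmetric. `bean.setErrorMessage("Internal Error: " + e.getMessage())` renders the raw exception text into the page although the exception is already logged one line earlier; a generic message is sufficient for the user-facing side. The enclosing method starts outside the hunk.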
