aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java155
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java361
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java44
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java696
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java1
11 files changed, 1181 insertions, 347 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
new file mode 100644
index 000000000..a0f3dd309
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationContainer implements Serializable {
+
+ private static final long serialVersionUID = 7148730740582881862L;
+
+ private PVPTargetConfiguration sloRequest = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null;
+ private List<String> sloFailedOAs = null;
+
+
+ public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) {
+ activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>();
+
+ if (dbOAs != null) {
+ for (OASessionStore oa : dbOAs) {
+ //Actually only PVP 2.1 support Single LogOut
+ if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) &&
+ !oa.getOaurlprefix().equals(removeOAID)) {
+ SingleLogoutService sloDesc;
+ try {
+ sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix());
+
+ if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ activeBackChannelOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ else
+ activeFrontChannalOAs.put(oa.getOaurlprefix(),
+ new SLOInformationImpl(
+ oa.getAssertionSessionID(),
+ oa.getUserNameID(),
+ oa.getUserNameIDFormat(),
+ oa.getProtocolType(),
+ sloDesc));
+
+ } catch (NOSLOServiceDescriptorException e) {
+ putFailedOA(oa.getOaurlprefix());
+
+ }
+
+ } else
+ putFailedOA(oa.getOaurlprefix());
+ }
+ }
+ }
+
+ public String getNextFrontChannelOA() {
+ Iterator<String> interator = activeFrontChannalOAs.keySet().iterator();
+ if (interator.hasNext())
+ return interator.next();
+
+ else
+ return null;
+ }
+
+ public SLOInformationImpl getFrontChannelOASessionDescripten(String oaID) {
+ return activeFrontChannalOAs.get(oaID);
+ }
+
+ public void removeFrontChannelOA(String oaID) {
+ activeFrontChannalOAs.remove(oaID);
+ }
+
+ public Iterator<String> getNextBackChannelOA() {
+ return activeBackChannelOAs.keySet().iterator();
+ }
+
+ public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+ return activeBackChannelOAs.get(oaID);
+ }
+
+ public void removeBackChannelOA(String oaID) {
+ activeBackChannelOAs.remove(oaID);
+ }
+
+ /**
+ * @return the sloRequest
+ */
+ public PVPTargetConfiguration getSloRequest() {
+ return sloRequest;
+ }
+
+ /**
+ * @param sloRequest the sloRequest to set
+ */
+ public void setSloRequest(PVPTargetConfiguration sloRequest) {
+ this.sloRequest = sloRequest;
+ }
+
+ /**
+ * @return the sloFailedOAs
+ */
+ public List<String> getSloFailedOAs() {
+ return sloFailedOAs;
+ }
+
+ public void putFailedOA(String oaID) {
+ if (sloFailedOAs == null)
+ sloFailedOAs = new ArrayList<String>();
+ sloFailedOAs.add(oaID);
+ }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 02bd74291..55b213702 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -22,24 +22,39 @@
*/
package at.gv.egovernment.moa.id.data;
+import java.io.Serializable;
+
+import org.opensaml.saml2.metadata.SingleLogoutService;
+
/**
* @author tlenz
*
*/
-public class SLOInformationImpl implements SLOInformationInterface {
-
+public class SLOInformationImpl implements SLOInformationInterface, Serializable {
+ private static final long serialVersionUID = 295577931870512387L;
private String sessionIndex = null;
private String nameID = null;
private String protocolType = null;
private String nameIDFormat = null;
+ private String binding = null;
+ private String serviceURL = null;
public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null);
+ }
+
+ public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
this.sessionIndex = sessionID;
this.nameID = nameID;
this.nameIDFormat = nameIDFormat;
this.protocolType = protocolType;
-
+
+ if (sloService != null) {
+ this.binding = sloService.getBinding();
+ this.serviceURL = sloService.getLocation();
+
+ }
}
@@ -119,6 +134,20 @@ public class SLOInformationImpl implements SLOInformationInterface {
public void setNameIDFormat(String nameIDFormat) {
this.nameIDFormat = nameIDFormat;
}
+
+ /**
+ * @return the binding
+ */
+ public String getBinding() {
+ return binding;
+ }
+
+ /**
+ * @return the serviceURL
+ */
+ public String getServiceURL() {
+ return serviceURL;
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
index 2c5682c0f..b2241f8ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.data;
* @author tlenz
*
*/
-public interface SLOInformationInterface {
+public interface SLOInformationInterface{
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e2e6e752b..280b6495e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -87,6 +87,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotH
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
@@ -288,6 +289,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
} else if (e instanceof NameIDFormatNotSupportedException) {
statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
+
+ } else if (e instanceof SLOException) {
+ //SLOExecpetions only occurs if session information is lost
+ return false;
} else if(e instanceof PVP2Exception) {
PVP2Exception ex = (PVP2Exception) e;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
new file mode 100644
index 000000000..c67d10ab7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationContainer;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutAction implements IAction {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;
+
+ if (pvpReq.getRequest() instanceof MOARequest) {
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ if (samlReq.getSamlRequest() instanceof LogoutRequest) {
+ Logger.debug("Process Single LogOut request");
+ LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+
+ AuthenticationSession session =
+ AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID(
+ logOutReq.getIssuer().getValue(),
+ logOutReq.getNameID().getValue());
+
+ if (session == null) {
+ Logger.warn("Can not find active SSO session with nameID "
+ + logOutReq.getNameID().getValue() + " and OA "
+ + logOutReq.getIssuer().getValue());
+ Logger.info("Search active SSO session with SSO session cookie");
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoID = ssomanager.getSSOSessionID(httpReq);
+ if (MiscUtil.isEmpty(ssoID)) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ } else {
+ String moasession = ssomanager.getMOASession(ssoID);
+ try {
+ session = AuthenticationSessionStoreage.getSession(moasession);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Can not find active Session. Single LogOut not possible!");
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+ }
+ }
+
+ //store active OAs to SLOContaine
+ List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);
+ SLOInformationContainer sloContainer = new SLOInformationContainer();
+ sloContainer.setSloRequest(pvpReq);
+ sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue());
+
+ //terminate MOASession
+ try {
+ AuthenticationSessionStoreage.destroySession(session.getSessionID());
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Delete MOASession FAILED.");
+ sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix());
+
+ }
+
+ //start service provider back channel logout process
+ Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
+ while (nextOAInterator.hasNext()) {
+ SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+
+ try {
+ List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+
+ LogoutResponse sloResp = null;
+ for (XMLObject el : soapResp) {
+ if (el instanceof LogoutResponse)
+ sloResp = (LogoutResponse) el;
+ }
+
+ if (sloResp == null) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED. NO LogOut response received.");
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+
+ checkStatusCode(sloContainer, sloResp);
+
+ } catch (SOAPException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ } catch (SecurityException e) {
+ Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ + " FAILED.", e);
+ sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+
+ }
+ }
+
+ //start service provider front channel logout process
+ try {
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ return null;
+
+ }
+
+ } else if (samlReq.getSamlRequest() instanceof LogoutResponse) {
+ Logger.debug("Process Single LogOut response");
+ LogoutResponse logOutResp = (LogoutResponse) samlReq.getSamlRequest();
+
+ try {
+ if (MiscUtil.isEmpty(samlReq.getRelayState())) {
+ Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue()
+ + " has no SAML2 RelayState.");
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ SLOInformationContainer sloContainer =
+ AssertionStorage.getInstance().get(samlReq.getRelayState(), SLOInformationContainer.class);
+ checkStatusCode(sloContainer, logOutResp);
+ sloContainer.removeFrontChannelOA(logOutResp.getIssuer().getValue());
+ doFrontChannelLogOut(sloContainer, httpReq, httpResp);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("MOA AssertionDatabase ERROR", e);
+ throw new SLOException("pvp2.19", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ } else {
+ Logger.error("Process SingleLogOutAction but request is NOT of type MOARequest.");
+ throw new MOAIDException("pvp2.13", null);
+
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return PVP2XProtocol.SINGLELOGOUT;
+ }
+
+ private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) {
+ Status status = logOutResp.getStatus();
+ if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+ Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue()
+ + " FAILED. (ResponseCode: " + status.getStatusCode().getValue()
+ + " Message: " + status.getStatusMessage().getMessage() + ")");
+ sloContainer.putFailedOA(logOutResp.getIssuer().getValue());
+
+ } else
+ Logger.debug("Single LogOut for OA " + logOutResp.getIssuer().getValue() + " SUCCESS");
+
+ }
+
+ private void doFrontChannelLogOut(SLOInformationContainer sloContainer,
+ HttpServletRequest httpReq, HttpServletResponse httpResp
+ ) throws MOAIDException, MOADatabaseException {
+ String nextOA = sloContainer.getNextFrontChannelOA();
+ if (MiscUtil.isNotEmpty(nextOA)) {
+ SLOInformationImpl sloDescr = sloContainer.getFrontChannelOASessionDescripten(nextOA);
+ LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr);
+ String relayState = Random.nextRandom();
+
+ AssertionStorage.getInstance().put(relayState, sloContainer);
+
+ sendFrontChannelSLOMessage(sloDescr.getServiceURL(), sloDescr.getBinding(),
+ sloReq, httpReq, httpResp, relayState);
+
+ } else {
+ //send SLO response to SLO request issuer
+ PVPTargetConfiguration pvpReq = sloContainer.getSloRequest();
+ MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+ sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+
+ }
+ }
+
+ /**
+ * @param serviceURL
+ * @param binding
+ * @param sloReq
+ * @param httpReq
+ * @param httpResp
+ * @param relayState
+ */
+ private void sendFrontChannelSLOMessage(String serviceURL, String bindingType,
+ RequestAbstractType sloReq, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (bindingType.equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (bindingType.equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(bindingType);
+ }
+
+ try {
+ binding.encodeRequest(httpReq, httpResp, sloReq,
+ serviceURL, relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+
+ private void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
+ LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
+ String relayState) throws MOAIDException {
+ IEncoder binding = null;
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(req, resp, sloResp,
+ consumerService.getLocation(), relayState);
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
new file mode 100644
index 000000000..04d374e93
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
+
+import java.util.List;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SingleLogOutBuilder {
+
+ public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException {
+ LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloReq.setIssuer(issuer);
+ sloReq.setIssueInstant(new DateTime());
+
+ sloReq.setDestination(sloInfo.getServiceURL());
+
+ NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
+ nameID.setFormat(sloInfo.getUserNameIDFormat());
+ nameID.setValue(sloInfo.getUserNameIdentifier());
+ sloReq.setNameID(nameID );
+
+ return sloReq;
+ }
+
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+ sloResp.setStatus(status);
+ return sloResp;
+ }
+
+ public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException {
+ LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setFormat(NameID.ENTITY);
+ sloResp.setIssuer(issuer);
+ sloResp.setIssueInstant(new DateTime());
+ sloResp.setDestination(sloService.getLocation());
+
+ Status status;
+ if (failedOAs == null || failedOAs.size() == 0) {
+ status = SAML2Utils.getSuccessStatus();
+
+ } else {
+ status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ status.setStatusCode(statusCode);
+ status.setStatusMessage(statusMessage);
+
+ }
+ sloResp.setStatus(status);
+ return sloResp;
+
+ }
+
+ public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException {
+ try {
+ EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID);
+ SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)
+ && (
+ (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+
+ else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)
+ && (
+ (sloService != null
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)
+ && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
+ || sloService == null)
+ )
+ sloService = el;
+ }
+
+ if (sloService == null) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+
+ }
+ return sloService;
+
+ } catch (MetadataProviderException e) {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+
+ }
+
+ public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ EntityDescriptor metadata = moaReq.getEntityMetadata();
+ SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ SingleLogoutService sloService = null;
+ for (SingleLogoutService el : spsso.getSingleLogoutServices()) {
+ if (el.getBinding().equals(spRequest.getBinding()))
+ sloService = el;
+ }
+ if (sloService == null && spsso.getSingleLogoutServices().size() != 0)
+ sloService = spsso.getSingleLogoutServices().get(0);
+
+ else {
+ Logger.error("Found no SLO ServiceDescriptor in Metadata");
+ throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null);
+ }
+ return sloService;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
new file mode 100644
index 000000000..204e1c2a5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class NOSLOServiceDescriptorException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3073730570511152661L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public NOSLOServiceDescriptorException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
new file mode 100644
index 000000000..9f1b6168e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOException extends PVP2Exception {
+ private static final long serialVersionUID = -5284624715788385022L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SLOException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ // TODO Auto-generated constructor stub
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 6437a4cac..74a5e01ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -69,21 +69,6 @@ public class AuthenticationSessionStoreage {
}
}
- public static void setAuthenticated(String moaSessionID, boolean value) {
-
- AuthenticatedSessionStore session;
-
- try {
- session = searchInDatabase(moaSessionID);
- session.setAuthenticated(value);
- MOASessionDBUtils.saveOrUpdate(session);
-
-
- } catch (MOADatabaseException e) {
- Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
- }
- }
-
public static AuthenticationSession createSession() throws MOADatabaseException {
String id = Random.nextRandom();
AuthenticationSession session = new AuthenticationSession(id);
@@ -110,108 +95,39 @@ public class AuthenticationSessionStoreage {
return session;
}
-
- public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption {
- String id = Random.nextRandom();
- AuthenticationSession session = new AuthenticationSession(id);
- session.setAuthenticated(true);
- session.setAuthenticatedUsed(false);
-
- AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
- dbsession.setSessionid(id);
- dbsession.setAuthenticated(isAuthenticated);
- dbsession.setInterfederatedSSOSession(true);
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- Date now = new Date();
- dbsession.setCreated(now);
- dbsession.setUpdated(now);
-
- dbsession.setSession(SerializationUtils.serialize(session));
-
- //add interfederation information
- List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
- InterfederationSessionStore idp = null;
- if (idpList == null) {
- idpList = new ArrayList<InterfederationSessionStore>();
- dbsession.setInderfederation(idpList);
-
- } else {
- for (InterfederationSessionStore el : idpList) {
- //resue old entry if interfederation IDP is reused for authentication
- if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
- idp = el;
-
- }
- }
- //create new interfederation IDP entry
- if (idp == null) {
- idp = new InterfederationSessionStore();
- idp.setCreated(now);
- idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
-
- }
-
- AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
- idp.setSessionIndex(extract.getSessionIndex());
- idp.setUserNameID(extract.getNameID());
- idp.setAttributesRequested(false);
- idp.setQAALevel(extract.getQAALevel());
- idp.setMoasession(dbsession);
- idpList.add(idp);
-
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
- //store AssertionStore element to Database
try {
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.info("MOASession with sessionID=" + id + " is stored in Database");
-
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return decryptSession(dbsession);
+
} catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be created.");
- throw new MOADatabaseException(e);
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
}
-
- return id;
}
-
+
public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
-
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
+ storeSession(session, null);
}
public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
- dbsession.setPendingRequestID(pendingRequestID);
- dbsession.setAuthenticated(session.isAuthenticated());
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
+ if (MiscUtil.isNotEmpty(pendingRequestID))
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ encryptSession(session, dbsession);
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setAuthenticated(session.isAuthenticated());
dbsession.setUpdated(new Date());
MOASessionDBUtils.saveOrUpdate(dbsession);
@@ -223,7 +139,6 @@ public class AuthenticationSessionStoreage {
}
}
-
public static void destroySession(String moaSessionID) throws MOADatabaseException {
Session session = MOASessionDBUtils.getCurrentSession();
@@ -246,10 +161,8 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("No session found with this sessionID");
}
- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
-
- session.getTransaction().commit();
-
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
+ session.getTransaction().commit();
cleanDelete(dbsession);
}
@@ -267,16 +180,11 @@ public class AuthenticationSessionStoreage {
+ "to " + id);
session.setSessionID(id);
+ encryptSession(session, dbsession);
dbsession.setSessionid(id);
dbsession.setAuthenticated(session.isAuthenticated());
-
- byte[] serialized = SerializationUtils.serialize(session);
-
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
- dbsession.setSession(encdata.getEncData());
- dbsession.setIv(encdata.getIv());
-
+
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -290,7 +198,92 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("TODO!", null);
}
}
+
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
+
+ public static String getMOASessionSSOID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+ }
+
+ public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.isSSOSession();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ }
+ }
+
+ public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0);
+ }
+ }
+
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
@@ -390,56 +383,36 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
}
}
-
-
- public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID());
+ return dbsession.getActiveOAsessions();
- //decrypt Session
- EncryptedData encdata = new EncryptedData(dbsession.getSession(),
- dbsession.getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
-
- AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
- return session;
-
} catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
-
- } catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
- throw new MOADatabaseException("MOASession deserialization-exception");
- }
- }
-
- public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.isSSOSession();
+ Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e);
- } catch (MOADatabaseException e) {
- Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
}
-
-
+
+ return null;
}
- public static String getMOASessionSSOID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(userNameID, "userNameID");
+ Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ + oaID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
-
+
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOSessionID);
+ Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
+ query.setParameter("oaID", oaID);
+ query.setParameter("nameID", userNameID);
result = query.list();
//send transaction
@@ -450,28 +423,35 @@ public class AuthenticationSessionStoreage {
//Assertion requires an unique artifact
if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
-
- } else {
- return result.get(0).getSessionid();
-
+ Logger.trace("No unique entry found.");
+ return null;
+
}
-
+ try {
+ return decryptSession(result.get(0));
+
+ } catch (BuildException e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
+ return null;
+ }
}
- public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {
-
- MiscUtil.assertNotNull(SSOId, "SSOSessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ MiscUtil.assertNotNull(moaSession, "MOASession");
+ MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
+ MiscUtil.assertNotNull(protocolType, "usedProtocol");
+ Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ + oaID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
List<AuthenticatedSessionStore> result;
synchronized (session) {
session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOId);
+ Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("oaID", oaID);
+ query.setParameter("protocol", protocolType);
result = query.list();
//send transaction
@@ -481,14 +461,58 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
- return null;
-
- } else {
- return result.get(0);
+ return null;
+
}
-
+
+ return result.get(0).getActiveOAsessions().get(0);
+ }
+
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+ }
+
+ public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ try {
+ MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
+ Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+
+ return decryptSession(result.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
+ return null;
+ }
}
public static boolean deleteSessionWithPendingRequestID(String id) {
@@ -522,20 +546,7 @@ public class AuthenticationSessionStoreage {
}
-
- public static String getPendingRequestID(String sessionID) {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- return dbsession.getPendingRequestID();
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession with ID " + sessionID + " not found");
- return "";
- }
-
- }
-
-
public static AuthenticationSession getSessionWithUserNameID(String nameID) {
try {
@@ -558,149 +569,20 @@ public class AuthenticationSessionStoreage {
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (result.size() == 0) {
Logger.trace("No entries found.");
return null;
}
- //decrypt Session
- EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
- result.get(0).getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
- return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
-
+ return decryptSession(result.get(0));
+
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
return null;
}
}
-
- public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
-
- try {
- MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
- Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setParameter("sessionid", pedingRequestID);
- result = query.list();
-
- //send transaction
- session.getTransaction().commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
- }
-
- //decrypt Session
- EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
- result.get(0).getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
- return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
-
-
- } catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
- return null;
- }
- }
-
- public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
- Date expioredatecreate = new Date(now - authDataTimeOutCreated);
- Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
-
- List<AuthenticatedSessionStore> results;
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
- query.setTimestamp("timeoutcreate", expioredatecreate);
- query.setTimestamp("timeoutupdate", expioredateupdate);
- results = query.list();
- session.getTransaction().commit();
- }
-
- if (results.size() != 0) {
- for(AuthenticatedSessionStore result : results) {
- try {
- cleanDelete(result);
- Logger.info("Authenticated session with sessionID=" + result.getSessionid()
- + " after session timeout.");
- } catch (HibernateException e){
- Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
- + " not removed after timeout! (Error during Database communication)", e);
- }
-
- }
- }
- }
-
- private static void cleanDelete(AuthenticatedSessionStore result) {
- try {
- result.setSession(new byte[] {});
- MOASessionDBUtils.saveOrUpdate(result);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
-
- } finally {
- if (!MOASessionDBUtils.delete(result))
- Logger.error("Authenticated session with sessionID=" + result.getSessionid()
- + " not removed! (Error during Database communication)");
-
- }
-
-
- }
-
- public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
- MiscUtil.assertNotNull(moaSession, "MOASession");
- MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
- MiscUtil.assertNotNull(protocolType, "usedProtocol");
- Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
- + oaID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
- query.setParameter("sessionID", moaSession.getSessionID());
- query.setParameter("oaID", oaID);
- query.setParameter("protocol", protocolType);
- result = query.list();
-
- //send transaction
- session.getTransaction().commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
-
- return result.get(0).getActiveOAsessions().get(0);
- }
-
public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
MiscUtil.assertNotNull(sessionID, "MOASession");
Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
@@ -761,6 +643,70 @@ public class AuthenticationSessionStoreage {
return result.get(0).getInderfederation().get(0);
}
+ public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption {
+ String id = Random.nextRandom();
+ AuthenticationSession session = new AuthenticationSession(id);
+ session.setAuthenticated(true);
+ session.setAuthenticatedUsed(false);
+
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(isAuthenticated);
+ dbsession.setInterfederatedSSOSession(true);
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ Date now = new Date();
+ dbsession.setCreated(now);
+ dbsession.setUpdated(now);
+
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //add interfederation information
+ List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
+ InterfederationSessionStore idp = null;
+ if (idpList == null) {
+ idpList = new ArrayList<InterfederationSessionStore>();
+ dbsession.setInderfederation(idpList);
+
+ } else {
+ for (InterfederationSessionStore el : idpList) {
+ //resue old entry if interfederation IDP is reused for authentication
+ if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
+ idp = el;
+
+ }
+ }
+
+ //create new interfederation IDP entry
+ if (idp == null) {
+ idp = new InterfederationSessionStore();
+ idp.setCreated(now);
+ idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+
+ }
+
+ AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
+ idp.setSessionIndex(extract.getSessionIndex());
+ idp.setUserNameID(extract.getNameID());
+ idp.setAttributesRequested(false);
+ idp.setQAALevel(extract.getQAALevel());
+ idp.setMoasession(dbsession);
+ idpList.add(idp);
+
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.info("MOASession with sessionID=" + id + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
+ }
+
+ return id;
+ }
+
public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");
@@ -790,35 +736,6 @@ public class AuthenticationSessionStoreage {
return result.get(0).getInderfederation().get(0);
}
- @SuppressWarnings("rawtypes")
- private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
- MiscUtil.assertNotNull(sessionID, "moasessionID");
- Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List result;
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", sessionID);
- result = query.list();
-
- //send transaction
- session.getTransaction().commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No session found with this sessionID");
- }
-
- return (AuthenticatedSessionStore) result.get(0);
- }
-
/**
* @param entityID
* @param requestID
@@ -872,4 +789,97 @@ public class AuthenticationSessionStoreage {
return false;
}
}
+
+ public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+ Date expioredatecreate = new Date(now - authDataTimeOutCreated);
+ Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
+
+ List<AuthenticatedSessionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
+ query.setTimestamp("timeoutcreate", expioredatecreate);
+ query.setTimestamp("timeoutupdate", expioredateupdate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+
+ if (results.size() != 0) {
+ for(AuthenticatedSessionStore result : results) {
+ try {
+ cleanDelete(result);
+ Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ + " after session timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+ }
+ }
+ }
+
+ private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
+ }
+
+ private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException {
+ EncryptedData encdata = new EncryptedData(dbsession.getSession(),
+ dbsession.getIv());
+ byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
+
+ return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
+ }
+
+ private static void cleanDelete(AuthenticatedSessionStore result) {
+ try {
+ result.setSession(new byte[] {});
+ MOASessionDBUtils.saveOrUpdate(result);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
+
+ } finally {
+ if (!MOASessionDBUtils.delete(result))
+ Logger.error("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed! (Error during Database communication)");
+
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
+ MiscUtil.assertNotNull(sessionID, "moasessionID");
+ Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ return (AuthenticatedSessionStore) result.get(0);
+ }
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 0a228c318..72fb8cf27 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -234,6 +234,8 @@ pvp2.14=SAML Anfrage verweigert
pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
+pvp2.19=Der Single LogOut Vorgang wurde wegen eines unkorregierbaren Fehler abgebrochen.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index cfab6b0d5..2a65366b8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -56,6 +56,7 @@ import org.hibernate.annotations.DynamicUpdate;
@NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate"),
@NamedQuery(name="getMOAISessionWithUserNameID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.userNameID = :usernameid and activeOAsessions.attributeQueryUsed is false"),
@NamedQuery(name="getActiveOAWithSessionIDandOAIDandProtocol", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.protocolType = :protocol and authenticatedsessionstore.sessionid = :sessionID"),
+ @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"),
@NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"),
@NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"),
@NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID")