3 files changed, 21 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 4709f8c68..e7abf0f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1877,6 +1877,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
             Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
             VelocityContext context = new VelocityContext();
             context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
+            context.put("RelayState", moasession.getSessionID());
             context.put("action", destination);
             StringWriter writer = new StringWriter();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 024944c72..25749c8bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -114,18 +114,28 @@ public class PEPSConnectorServlet extends AuthServlet {
 			//check if https or only http
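Review bot: The added `context.put("RelayState", moasession.getSessionID())` sends the MOA session ID through the PEPS round trip as SAML RelayState, but nothing in the hunk documents that choice or its constraint; the SAML 2.0 bindings specification limits RelayState to 80 bytes and treats it as opaque to the IdP, so a comment such as `// RelayState carries the MOA session ID so PEPSConnectorServlet can match the response to this session; SAML binding limit is 80 bytes` would keep a later change to the session-ID format from silently breaking the flow. Whether saml2-post-binding-moa.vm HTML-escapes `$RelayState` when rendering the hidden form field cannot be seen here; if the session ID is not strictly validated before this point, the template should use an escaped reference. The enclosing method starts and ends outside the hunk.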
  			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
 -			Logger.debug("Trying to find MOA Session-ID");			
 +			Logger.debug("Trying to find MOA Session-ID ...");			
  		    String moaSessionID = request.getParameter(PARAM_SESSIONID);
  		    // escape parameter strings
  		    moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
  			if (StringUtils.isEmpty(moaSessionID)) {
 -				//No authentication session has been started before
 -				Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
 -				Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
 -				throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
 -			}
 +				//check if SAML2 relaystate includes a MOA sessionID
 +				moaSessionID = request.getParameter("RelayState");
 +				moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
 +				
 +				if (StringUtils.isEmpty(moaSessionID)) {				
 +					//No authentication session has been started before
 +					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
 +					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
 +					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
 +					
 +				} else 
 +					Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
 +					
 +			} else 
 +				Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
  	         if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
  	             throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
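Review bot: The two new trace statements (`Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.")` and the GET-parameter twin) write the MOA session ID — effectively a bearer identifier for the pending authentication — into the application log, where it is typically less protected than the session store; logging only the source, e.g. `Logger.trace("MOA SessionID found in SAML2 relayState.");`, gives the same diagnostic value. The `else` branches on both levels are unbraced single statements immediately followed by the `isValidSessionID` check, so a later statement added to either branch would silently become unconditional; brace them. Note that RelayState is just as attacker-controllable as the GET parameter it falls back from, so the `isValidSessionID` check and the session lookup that presumably follows remain the only binding between the POSTed response and a real session; the rest of the method, including any InResponseTo comparison, is outside the hunk.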
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 8bad43431..182995786 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -78,8 +78,8 @@ public class AuthenticatedSessionStore implements Serializable{
 	@Column(name = "SSOsessionid")
 	private String SSOsessionid;
-	@Column(name = "session", nullable=false)
-	@Lob private byte [] session;
+	@Column(name = "authSession", nullable=false)
+	@Lob private byte [] authSession;
 	@Column(name = "iv", nullable=true)
 	@Lob private byte [] iv;
@@ -148,11 +148,11 @@ public class AuthenticatedSessionStore implements Serializable{
 	}
 	public byte[] getSession() {
-		return session;
+		return authSession;
 	}
 	public void setSession(byte[] session) {
-		this.session = session;
+		this.authSession = session;
 	}
 	public boolean isAuthenticated() {
