7 files changed, 48 insertions, 16 deletions
| diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index fcadf1f36..c1533eeb7 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -277,7 +277,12 @@ 				<groupId>org.bouncycastle</groupId>
  			</exclusion>
  		</exclusions>
 -	</dependency>  		
 +	</dependency>
 +	<dependency>
 +	    <groupId>org.apache.santuario</groupId>
 +	    <artifactId>xmlsec</artifactId>
 +	    <version>2.0.5</version>
 +	</dependency>
  		<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
  		<dependency>
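Review bot: The new `xmlsec` dependency is pinned directly at 2.0.5 in this module rather than in `<dependencyManagement>`, immediately after a `<dependency>` whose Bouncy Castle exclusions show that version alignment matters here; a direct pin can shadow the xmlsec version the SAML/eIDAS engine was built and tested against, and 2.0.x is an old release line for which later releases carry security fixes, so the pin should be checked against the engine's transitive requirement and tracked for upgrades. The added block is also indented with spaces while the surrounding pom uses tabs.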
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 4c83d0ea4..908c7e7b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -1110,7 +1110,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			 if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !COUNTRYCODE_AUSTRIA.equals(eIDASOutboundCountry)) {
 				 Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID, 
 						 COUNTRYCODE_AUSTRIA, eIDASOutboundCountry);
-				 Logger.trace("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond());	
+				 Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond());	
 				 return eIDASID;
 			 } else if (oaParam.getBusinessService()) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 2c0f1cf8c..9adffe6fd 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java 
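Review bot: Raising the `Logger.trace` call to `Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + ...)` writes the computed bPK — a person identifier — to the log at a level that is routinely enabled for production troubleshooting, so the change widens where this identifier ends up. If the level bump is needed for diagnostics, log only the type at debug and keep the value at trace, e.g. `Logger.debug("Authenticate user with bPK type:" + eIDASID.getSecond());` followed by the existing trace line. The new line also keeps the trailing tab of the old one. The enclosing method starts and ends outside the hunk.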
@@ -75,12 +75,13 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 			// use SAML2 relayState
 			if (sessionId == null) {
 				sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
-			}
+			} else
+				Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
 			// take from InResponseTo attribute of SAMLResponse
-			if (sessionId == null) {
-				String base64SamlToken = request.getParameter("SAMLResponse");
-				if (base64SamlToken != null && false) {
+//			if (sessionId == null) {
+//				String base64SamlToken = request.getParameter("SAMLResponse");
+//				if (base64SamlToken != null && false) {
 //					byte[] samlToken = Base64Utils.decode(base64SamlToken, false);
 //					Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken));
 //
@@ -91,10 +92,10 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
 //					XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)");
 //					sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING);
 //					sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId));
-				} else {
-					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
-				}
-			}
+//				} else {
+//					Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id.");
+//				}
+//			}
 		} catch (Exception e) {
 			Logger.warn("Unable to retrieve moa session id.", e);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 3c33b8d58..563c3a18c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java 
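Review bot: The new `} else` branch fires exactly when `sessionId` was already non-null before the RelayState lookup — that is, when retrieval had succeeded — and logs a message about a missing `SAMLResponse` that this code path never reads, while the case that actually fails (no `RelayState` parameter, `sessionId` still null after the assignment) logs nothing. The warning belongs inside the null branch after the assignment; if `StringEscapeUtils` here is commons-lang's, `escapeHtml(null)` returns null, so a second null check is sound. The unbraced `else` also departs from the braced style of the surrounding code, and the second hunk of this file turns the already-dead `&& false` block into commented-out code, which would be cleaner deleted outright. The enclosing method starts and ends outside the hunk.
```java
			if (sessionId == null) {
				sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState"));
				if (sessionId == null) {
					Logger.warn("No parameter 'RelayState'. Unable to retrieve MOA session id.");
				}
			}
			// … unchanged: remainder of the try block and catch …
```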
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -26,6 +26,8 @@ public class EIDASData extends RequestImpl {
 	/** The ip address of the requester. */
 	private String remoteIPAddress;
+	private String remoteRelayState;
+
 	@Override
 	public Collection<String> getRequestedAttributes() {
 		// TODO Auto-generated method stub
@@ -85,4 +87,22 @@ public class EIDASData extends RequestImpl {
 	public void setRemoteAddress(String remoteIP) {
 		remoteIPAddress = remoteIP;
 	}
+
+	/**
+	 * Gets the remote relay state.
+	 *
+	 * @return the remote relay state
+	 */
+	public String getRemoteRelayState() {
+		return remoteRelayState;
+	}
+
+	/**
+	 * Sets the remote relay state.
+	 *
+	 * @param relayState the new remote relay state
+	 */
+	public void setRemoteRelayState(String relayState) {
+		remoteRelayState = relayState;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 83fadb04e..1c0e60c63 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -151,6 +151,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			// - memorize remote ip
 			pendingReq.setRemoteAddress(request.getRemoteAddr());
+			// - memorize relaystate
+			String relayState = request.getParameter("RelayState");
+			pendingReq.setRemoteRelayState(relayState);
+
 			// - memorize country code of target country
 			pendingReq.setGenericDataToSession(
 					RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry()); 
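Review bot: The new `remoteRelayState` field has no comment although its neighbour `remoteIPAddress` documents itself with `/** The ip address of the requester. */`, and the added getter/setter Javadoc only restates the method names. A field comment such as `/** SAML2 RelayState received with the inbound eIDAS request; kept so it can be sent back with the response. */` would carry the actual contract — the "sent back" part reflects the `context.put("RelayState", ...)` in the eIDASAuthenticationRequest hunk and should be confirmed against that template.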
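Review bot: `request.getParameter("RelayState")` is stored in the pending request exactly as received, with no length or content check, and the eIDASAuthenticationRequest hunk later places the same value into the HTML POST-binding template via `context.put("RelayState", eidasRequest.getRemoteRelayState())`, so an unchecked request-supplied string travels through the session into the rendered response page. The SAML 2.0 bindings specification limits RelayState to 80 bytes; enforce that here at intake (reject or truncate over-length values before `setRemoteRelayState`) and make sure the value is HTML-escaped when written into the response unless `stork2_postbinding_template.html` escapes it itself — the eIDASSignalServlet hunk already applies `StringEscapeUtils.escapeHtml` on the inbound path, which suggests the template does not. The enclosing method starts and ends outside the hunk.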
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 557b83487..4e45d2f47 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
 import eu.eidas.engine.exceptions.SAMLEngineException;
@@ -64,7 +65,7 @@ public class EidasMetaDataRequest implements IAction {
             logger.trace(metaData);
-            httpResp.setContentType(MediaType.TEXT_XML.getType());
+            httpResp.setContentType(MediaType.APPLICATION_XML.getType());
             httpResp.getWriter().print(metaData);
             httpResp.flushBuffer();
         } catch (Exception e) { 
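Review bot: `httpResp.setContentType(MediaType.APPLICATION_XML.getType())` may not send what it reads as: on Spring's `MediaType` (and on JAX-RS `MediaType` instances) `getType()` returns only the primary type, `application`, not `application/xml` — the `MediaType` import is outside the hunk, so verify which class this is and whether the previous `TEXT_XML.getType()` call was already producing a bare `text` header. Setting the full MIME string with an explicit charset, `httpResp.setContentType("application/xml; charset=UTF-8");`, also fixes the encoding that `getWriter()` uses for the metadata, which is otherwise left to the container default. The enclosing method starts and ends outside the hunk.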
@@ -103,16 +104,15 @@ public class EidasMetaDataRequest implements IAction {
         MetadataConfigParams mcp=new MetadataConfigParams();
         generator.setConfigParams(mcp);
         generator.initialize(engine);
-        mcp.setEntityID(metadata_url);
-        String returnUrl = sp_return_url;
-        mcp.setAssertionConsumerUrl(returnUrl);
+        mcp.setEntityID(metadata_url);
+        mcp.setSpType(SPType.DEFAULT_VALUE);
+        mcp.setAssertionConsumerUrl(sp_return_url);
         mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
         generator.addSPRole();
         generator.addIDPRole();
-
         metadata = generator.generateMetadata();
         return metadata;
     }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 4ab587159..d9663092f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -146,7 +146,9 @@ public class eIDASAuthenticationRequest implements IAction {
             VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
             Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
             VelocityContext context = new VelocityContext();
-             
+
+            context.put("RelayState", eidasRequest.getRemoteRelayState());
+
             context.put("SAMLResponse", token);
             Logger.debug("SAMLResponse original: " + token);
| 
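Review bot: `mcp.setSpType(SPType.DEFAULT_VALUE)` hard-codes the SP type right next to an assurance level that already carries `// TODO make configurable`; both are values that peer nodes evaluate in the published metadata, so they belong in configuration alongside `metadata_url` and `sp_return_url` rather than in code. At minimum the new line needs a comment stating which SP type the engine default resolves to and why that is acceptable for this deployment, e.g. `// SPType left at the engine default; make configurable together with the LoA`. The `metadata = ...; return metadata;` pair could also collapse to `return generator.generateMetadata();` if `metadata` is not read elsewhere — its declaration is outside the hunk.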
