diff options
Diffstat (limited to 'id.server/doc/moa_id/examples')
12 files changed, 369 insertions, 0 deletions
diff --git a/id.server/doc/moa_id/examples/BKUSelectionTemplate.html b/id.server/doc/moa_id/examples/BKUSelectionTemplate.html new file mode 100644 index 000000000..11c9352d2 --- /dev/null +++ b/id.server/doc/moa_id/examples/BKUSelectionTemplate.html @@ -0,0 +1,4 @@ +<form name="CustomizedForm" method="post" action="<StartAuth>"> +<BKUSelect> +<input type="submit" value="Auswählen"/> +</form> diff --git a/id.server/doc/moa_id/examples/ChainingModes.txt b/id.server/doc/moa_id/examples/ChainingModes.txt new file mode 100644 index 000000000..820b60d06 --- /dev/null +++ b/id.server/doc/moa_id/examples/ChainingModes.txt @@ -0,0 +1,6 @@ + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> diff --git a/id.server/doc/moa_id/examples/IdentityLinkSigners.txt b/id.server/doc/moa_id/examples/IdentityLinkSigners.txt new file mode 100644 index 000000000..faed15030 --- /dev/null +++ b/id.server/doc/moa_id/examples/IdentityLinkSigners.txt @@ -0,0 +1,3 @@ + <IdentityLinkSigners> + <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName> + </IdentityLinkSigners> diff --git a/id.server/doc/moa_id/examples/LoginServletExample.txt b/id.server/doc/moa_id/examples/LoginServletExample.txt new file mode 100644 index 000000000..e085e4126 --- /dev/null +++ b/id.server/doc/moa_id/examples/LoginServletExample.txt @@ -0,0 +1,171 @@ +import java.io.IOException; +import java.util.Vector; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.apache.xml.serialize.LineSeparator; +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.jaxen.JaxenException; +import org.jaxen.SimpleNamespaceContext; +import org.jaxen.dom.DOMXPath; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * Beispiel für ein Login-Servlet, das von MOA-ID-AUTH über einen Redirect aufgerufen wird. + * Es werden demonstriert: + * - Parameterübergabe von MOA-ID-AUTH + * - Aufruf des MOA-ID-AUTH Web Service zum Abholen der Anmeldedaten über das Apache Axis Framework + * - Parsen der Anmeldedaten mittels der XPath Engine "Jaxen" + * - Speichern der Anmeldedaten in der HTTPSession + * - Redirect auf die eigentliche Startseite der OA + * + * @author Paul Ivancsics + */ +public class LoginServletExample extends HttpServlet { + + // Web Service QName und Endpoint + private static final QName SERVICE_QNAME = new QName("GetAuthenticationData"); + private static final String ENDPOINT = + "http://localhost:8080/moa-id-auth/services/GetAuthenticationData"; + // NamespaceContext für Jaxen + private static SimpleNamespaceContext NS_CONTEXT; + static { + NS_CONTEXT = new SimpleNamespaceContext(); + NS_CONTEXT.addNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion"); + NS_CONTEXT.addNamespace("samlp", "urn:oasis:names:tc:SAML:1.0:protocol"); + NS_CONTEXT.addNamespace("pr", "http://reference.e-government.gv.at/namespace/persondata/20020228#"); + } + + /** + * Servlet wird von MOA-ID-AUTH nach erfolgter Authentisierung über ein Redirect aufgerufen. + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + // Parameter "Target" und "SAMLArtifact" aus dem Redirect von MOA-ID-AUTH lesen + String target = req.getParameter("Target"); + String samlArtifact = req.getParameter("SAMLArtifact"); + + try { + // DOMBuilder instanzieren + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + + // <samlp:Request> zusammenstellen und in einen DOM-Baum umwandeln + String samlRequest = + "<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Request IssueInstant=\"2003-01-01T00:00:00+02:00\" MajorVersion=\"1\" MinorVersion=\"0\" RequestID=\"12345678901234567890\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"><samlp:AssertionArtifact>" + + samlArtifact + + "</samlp:AssertionArtifact></samlp:Request>"; + Document root_request = builder.parse(samlRequest); + + // Neues SOAPBodyElement anlegen und mit dem DOM-Baum füllen + SOAPBodyElement body = new SOAPBodyElement(root_request.getDocumentElement()); + SOAPBodyElement[] params = new SOAPBodyElement[] { body }; + + // AXIS-Service für Aufruf von MOA-ID-AUTH instanzieren + Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME); + + // Axis-Call erzeugen und mit Endpoint verknüpfen + Call call = service.createCall(); + call.setTargetEndpointAddress(ENDPOINT); + + // Call aufrufen und die Antwort speichern + System.out.println("Calling MOA-ID-AUTH ..."); + Vector responses = (Vector) call.invoke(params); + + // erstes BodyElement auslesen + SOAPBodyElement response = (SOAPBodyElement) responses.get(0); + + // <samlp:Response> als DOM-Baum holen + Document responseDocument = response.getAsDocument(); + Element samlResponse = responseDocument.getDocumentElement(); + + // <samlp:Response> auf System.out ausgeben + System.out.println("Response received:"); + OutputFormat format = new OutputFormat((Document) responseDocument); + format.setLineSeparator(LineSeparator.Windows); + format.setIndenting(true); + format.setLineWidth(0); + XMLSerializer serializer = new XMLSerializer(System.out, format); + serializer.asDOMSerializer(); + serializer.serialize(responseDocument); + + // <samlp:StatusCode> auslesen + Attr statusCodeAttr = (Attr)getNode(samlResponse, "/samlp:Response/samlp:Status/samlp:StatusCode/@Value"); + String samlStatusCode = statusCodeAttr.getValue(); + System.out.println("StatusCode: " + samlStatusCode); + + // <saml:Assertion> auslesen + if ("samlp:Success".equals(samlStatusCode)) { + Element samlAssertion = (Element)getNode(samlResponse, "/samlp:Response/saml:Assertion"); + + // FamilyName aus der <saml:Assertion> parsen + Node familyNameNode = getNode(samlAssertion, "//saml:AttributeStatement/saml:Attribute[@AttributeName=\"PersonData\"]/saml:AttributeValue/pr:Person/pr:Name/pr:FamilyName"); + String familyName = getText(familyNameNode); + System.out.println("Family name: " + familyName); + + // weitere Anmeldedaten aus der <saml:Assertion> parsen + // ... + + // Anmeldedaten und Target in der HTTPSession speichern + HttpSession session = req.getSession(); + session.setAttribute("UserFamilyName", familyName); + session.setAttribute("Geschaeftsbereich", target); + + // weitere Anmeldedaten in der HTTPSession speichern + // ... + + // Redirect auf die eigentliche Startseite + resp.sendRedirect("/index.jsp"); + } + } + catch (Exception ex) { + ex.printStackTrace(); + } + } + /** Returns the first node matching an XPath expression. */ + private static Node getNode(Node contextNode, String xpathExpression) throws JaxenException { + DOMXPath xpath = new DOMXPath(xpathExpression); + xpath.setNamespaceContext(NS_CONTEXT); + return (Node) xpath.selectSingleNode(contextNode); + } + /** Returns the text that a node contains. */ + public static String getText(Node node) { + if (!node.hasChildNodes()) { + return ""; + } + + StringBuffer result = new StringBuffer(); + NodeList list = node.getChildNodes(); + for (int i = 0; i < list.getLength(); i++) { + Node subnode = list.item(i); + if (subnode.getNodeType() == Node.TEXT_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) { + // Recurse into the subtree for text + // (and ignore comments) + result.append(getText(subnode)); + } + } + return result.toString(); + } +} diff --git a/id.server/doc/moa_id/examples/Template.html b/id.server/doc/moa_id/examples/Template.html new file mode 100644 index 000000000..97e54c6af --- /dev/null +++ b/id.server/doc/moa_id/examples/Template.html @@ -0,0 +1,23 @@ +<form name="CustomizedForm" + action="<BKU>" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<XMLRequest>"/> + <input type="hidden" + name="DataURL" + value="<DataURL>"/> + <input type="submit" value="Bürgerkarte lesen"/> +</form> +<form name="CustomizedInfoForm" + action="<BKU>" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<CertInfoXMLRequest>"/> + <input type="hidden" + name="DataURL" + value="<CertInfoDataURL>"/> + Hier finden Sie weitere Informationen zur Überprüfung der Zertifikate.<br/> + <input type="submit" value="Weitere Info"/> +</form>
\ No newline at end of file diff --git a/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt b/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt new file mode 100644 index 000000000..396d0faea --- /dev/null +++ b/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt @@ -0,0 +1,63 @@ +<sl10:TransformsInfo> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>text/html</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> diff --git a/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml b/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml new file mode 100644 index 000000000..6ce00228c --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Stephan G (Comp) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection> + <ConnectionParameter URL="http://10.16.46.108:18080/oa/getBKUSelectTag.jsp"/> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/Transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services/SignatureVerification"> + <AcceptedServerCertificates>file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/certs/server-certs</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">file:/c:/</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://moatestlinux:18080/moa-id-auth/services/GetAuthenticationData"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://10.16.126.28:9443/moa-id-proxy/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/oa/OAConf.xml" sessionTimeOut="600"> + <ConnectionParameter URL="https://moatestlinux:18443/oa/"> + <AcceptedServerCertificates>file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/certs/cert-store-root"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> +</MOA-IDConfiguration> diff --git a/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml new file mode 100644 index 000000000..0e4508036 --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <BasicAuth> + <UserID>MOAFamilyName</UserID> + <Password>MOADateOfBirth</Password> + </BasicAuth> +</Configuration> + +<!-- Example for resulting "UserID:Password" used for basic authentication: +Mustermann:1985-12-01 +-->
\ No newline at end of file diff --git a/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml new file mode 100644 index 000000000..c1a1964bf --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <HeaderAuth> + <Parameter Name="Name" Value="MOAFamilyName"/> + <Parameter Name="Vorname" Value="MOAGivenName"/> + <Parameter Name="Geburtsdatum" Value="MOADateOfBirth"/> + <Parameter Name="VPK" Value="MOAVPK"/> + </HeaderAuth> +</Configuration> + +<!-- Example for resulting request headers: +Name:Mustermann +Vorname:Hermann +Geburtsdatum:1985-12-01 +VPK:kp6hOq6LRAkLtrqm6EvDm6bMwJw= +-->
\ No newline at end of file diff --git a/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml new file mode 100644 index 000000000..18e0a109c --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <ParamAuth> + <Parameter Name="Name" Value="MOAFamilyName"/> + <Parameter Name="Vorname" Value="MOAGivenName"/> + <Parameter Name="Geburtsdatum" Value="MOADateOfBirth"/> + <Parameter Name="VPK" Value="MOAVPK"/> + </ParamAuth> +</Configuration> + +<!-- Example for resulting request parameters: +Name=Mustermann&Vorname=Hermann&Geburtsdatum=1985-12-01&VPK=kp6hOq6LRAkLtrqm6EvDm6bMwJw= +-->
\ No newline at end of file diff --git a/id.server/doc/moa_id/examples/moa-id-env-linux.txt b/id.server/doc/moa_id/examples/moa-id-env-linux.txt new file mode 100644 index 000000000..995d0b4d4 --- /dev/null +++ b/id.server/doc/moa_id/examples/moa-id-env-linux.txt @@ -0,0 +1 @@ +export CATALINA_OPTS="-Dmoa.id.configuration=/home/moa/jakarta-tomcat-4.1.18/conf/moa-id/MOAIDConfiguration.xml -Dlog4j.configuration=file:/home/moa/jakarta-tomcat-4.1.18/conf/moa-id/log4j.properties" diff --git a/id.server/doc/moa_id/examples/moa-id-env-windows.txt b/id.server/doc/moa_id/examples/moa-id-env-windows.txt new file mode 100644 index 000000000..109c196cf --- /dev/null +++ b/id.server/doc/moa_id/examples/moa-id-env-windows.txt @@ -0,0 +1 @@ +set CATALINA_OPTS=-Dmoa.id.configuration=c:\jakarta-tomcat-4.1.18\conf\moa-id\MOAIDConfiguration.xml -Dlog4j.configuration=file:c:\jakarta-tomcat-4.1.18\conf\moa-id\log4j.properties |