Diffstat (limited to 'id.server/src/at/gv')
4 files changed, 47 insertions, 6 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 2baa172f1..0d3166090 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -446,7 +446,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 session.setIdentityLink(identityLink);
 // now validate the extended infoboxes
- verifyInfoboxes(session, infoboxReadResponseParameters);
+ verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
 // builds the AUTH-block
 String authBlock = buildAuthenticationBlock(session);
 // session.setAuthBlock(authBlock);
@@ -507,12 +507,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 * @param infoboxReadResponseParams The parameters returned from the BKU as response
 * to an infobox read request (including the infobox
 * tokens to be verified).
+ * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en)
+ * should be hidden in any SAML attribute that may be
+ * returned by a validator.
 *
 * @throws AuthenticationException If the verification of at least one infobox fails.
 * @throws ConfigurationException If the OAuthParameter cannot be extracted.
 */
 private void verifyInfoboxes(
- AuthenticationSession session, Map infoboxReadResponseParams)
+ AuthenticationSession session, Map infoboxReadResponseParams, boolean hideStammzahl)
 throws ValidateException, ConfigurationException {
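Review bot: The polarity flip from "provide" to "hide" is buried in the call argument `!oaParam.getProvideStammzahl()` in the first hunk, where a dropped or doubled `!` would release source pins without any compile error. I would compute it on its own line, `boolean hideStammzahl = !oaParam.getProvideStammzahl();`, with a short comment such as `// hide source pins unless the online application is explicitly allowed to receive them`, and pass the local to `verifyInfoboxes`. `oaParam` is assigned outside the hunk, so I am assuming it is the parameter set of the online application this session belongs to.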
@@ -584,7 +587,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 // build the parameters for validating the infobox
 InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
- session, verifyInfoboxParameter, infoboxTokenList);
+ session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
 // now validate the infobox
 boolean infoboxValid = false;
 try {
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index 2d9837f9a..038e549be 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -30,13 +30,17 @@ public class InfoboxValidatorParamsBuilder {
 * @param session The actual Authentication session.
 * @param verifyInfoboxParameter The configuration parameters for the infobox.
 * @param infoboxTokenList Contains the infobox token to be validated.
+ * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en)
+ * should be hidden in any SAML attributes returned by
+ * an infobox validator.
 *
 * @return Parameters for validating an infobox token.
 */
 public static InfoboxValidatorParams buildInfoboxValidatorParams(
 AuthenticationSession session,
 VerifyInfoboxParameter verifyInfoboxParameter,
- List infoboxTokenList)
+ List infoboxTokenList,
+ boolean hideStammzahl)
 {
 InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
 IdentityLink identityLink = session.getIdentityLink();
@@ -71,7 +75,7 @@ public class InfoboxValidatorParamsBuilder {
 }
 infoboxValidatorParams.setIdentityLink(identityLinkElem);
 }
-
+ infoboxValidatorParams.setHideStammzahl(hideStammzahl);
 return infoboxValidatorParams;
 }
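Review bot: `infoboxValidatorParams.setHideStammzahl(hideStammzahl)` only forwards a request to the validator; none of the visible hunks checks what the validator hands back. The same builder passes the identity link via `setIdentityLink(identityLinkElem)` a few lines above, so if that element carries the Stammzahl, suppression rests entirely on every validator implementation honouring the flag. Because the flag exists to keep source pins away from applications that are not entitled to them, AuthenticationServer should verify or blank the returned SAML attributes itself when `hideStammzahl` is true, and reject or log (without the value) a result that still contains one. The validation call and its result handling lie outside these hunks, so such a check may already exist elsewhere.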
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index 26070dc51..381815258 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -143,6 +143,20 @@ public interface InfoboxValidatorParams {
 public Element getIdentityLink();
 /**
+ * Indicates whether source pins (<code>Stammzahl</code>en) should be hidden or not.
+ * If an online application lying behind MOA-ID is not allowed to get source pins
+ * (<code>Stammzahl</code>en), any source pins within <code>SAML attributes</code>
+ * returned by the validator must suppressed:<br>
+ * If the parameter <code>getHideStammzahl</code> is <code>true</code>, then the validator
+ * <b>MUST</b> hide (replace by an empty string) any source pin (<code>Stammzahl</code>)
+ * that may be included in a <code>SAML attribute</code> returned by the validator.
+ *
+ * @return <code>true</code> if source pins (<code>Stammzahl</code>en) must be hidden,
+ * otherwise <code>false</code>.
+ */
+ public boolean getHideStammzahl();
+
+ /**
 * Returns application specific parameters.
 * Each child element of this element contains
 * a validating application specific parameter. The
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index 46a67d48b..fcfc054d8 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -82,6 +82,10 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 * The identity link.
 */
 private Element identityLink_;
+ /**
+ * Indicates whether source pins (<code>Stammzahl</code>en) must be hidden or not.
+ */
+ private boolean hideStammzahl_;
 /**
 * Application specific parameters.
@@ -184,6 +188,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 public Element getIdentityLink() {
 return identityLink_;
 }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#hideStammzahl
+ */
+ public boolean getHideStammzahl() {
+ return hideStammzahl_;
+ }
 /**
 * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getApplicationSpecificParams()
@@ -313,7 +324,6 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 target_ = target;
 }
-
 /**
 * Sets the ID of the trust profile used for validating certificates.
 *
@@ -323,4 +333,14 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
 trustProfileID_ = trustProfileID;
 }
+ /**
+ * Sets the {@link #hideStammzahl_} parameter.
+ *
+ * @param hideStammzahl <code>True</code> if source pins (<code>Stammzahl</code>en) should
+ * be hidden, otherwise <code>false</code>.
+ */
+ public void setHideStammzahl(boolean hideStammzahl) {
+ this.hideStammzahl_ = hideStammzahl;
+ }
+
 } |
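Review bot: `private boolean hideStammzahl_;` in the first hunk starts out as `false`, which is the "do not hide" state, so any `InfoboxValidatorParamsImpl` that is built without a call to `setHideStammzahl` tells the validator that source pins may be returned. For a privacy control the restrictive value is the safer default: `private boolean hideStammzahl_ = true;`. The only construction site visible in this commit is `InfoboxValidatorParamsBuilder`, which always sets the flag; whether other callers exist cannot be seen from here.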
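Review bot: The Javadoc on the new getter in the second hunk points at `InfoboxValidatorParams#hideStammzahl`, a member the interface does not declare; the method added there is `getHideStammzahl()`, so the reference should read `@see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl()`. The setter in the last hunk has a related weakness: `{@link #hideStammzahl_}` links to a private field and explains nothing to a caller. A summary such as `Sets whether source pins (Stammzahlen) must be hidden in SAML attributes returned by the validator.` would state the contract directly.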