path: root/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java40
1 files changed, 32 insertions, 8 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 68fef277b..5bf9c4970 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -1,3 +1,25 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.demoOA.servlet.pvp2;
import java.io.IOException;
@@ -75,6 +97,7 @@ public class Authenticate extends HttpServlet {
DocumentBuilder builder;
+ //generate AuthenticationRequest
protected void process(HttpServletRequest request,
HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException {
try {
@@ -87,13 +110,10 @@ public class Authenticate extends HttpServlet {
SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
authReq.setID(gen.generateIdentifier());
- HttpSession session = request.getSession();
- if (session != null) {
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
- }
authReq.setAssertionConsumerServiceIndex(0);
authReq.setAttributeConsumingServiceIndex(0);
+
authReq.setIssueInstant(new DateTime());
Subject subject = SAML2Utils.createSAMLObject(Subject.class);
NameID name = SAML2Utils.createSAMLObject(NameID.class);
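Review bot: Removing the `session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID())` lines leaves nothing in this servlet that records the ID of the AuthnRequest it just issued, so the assertion consumer can no longer compare a Response's `InResponseTo` against an ID this SP actually generated unless that bookkeeping moved elsewhere in the commit, which this hunk does not show. Without that comparison a replayed or unsolicited Response is indistinguishable from a genuine answer to this request. If the consumer still reads that session attribute, the deletion silently disables the check; if accepting unsolicited responses is intended for this demo OA, say so at the point of removal, e.g. `// request ID deliberately not tracked: InResponseTo is not validated by this demo OA`. The `process` method continues past the end of the hunk.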
@@ -121,13 +141,15 @@ public class Authenticate extends HttpServlet {
throw new ConfigurationException("No IDP EntityName configurated");
}
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ //get IDP metadata from metadataprovider
+ HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
if (idpEntity == null) {
log.info("IDP EntityName is not found in IDP Metadata");
throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
}
+ //select authentication-service url from metadata
SingleSignOnService redirectEndpoint = null;
for (SingleSignOnService sss :
idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
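Review bot: `idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)` on the last line of the hunk is dereferenced without a null check, so a metadata entry for `entityname` that carries no SAML 2.0 IdP role yields a NullPointerException instead of the ConfigurationException the lines just above throw for a missing entity. Guard it the same way: `IDPSSODescriptor idp = idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS); if (idp == null) { throw new ConfigurationException("IDP Metadata contains no SAML2 IDPSSODescriptor"); }` and iterate `idp.getSingleSignOnServices()`. The request's `Destination` is later taken from this metadata, so whether `config.getMetaDataProvier()` validates the metadata signature decides whether a tampered metadata document can steer users to an attacker-chosen endpoint; that is not visible here and worth confirming. The endpoint-selection loop continues outside the hunk.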
@@ -137,9 +159,9 @@ public class Authenticate extends HttpServlet {
redirectEndpoint = sss;
}
}
-
authReq.setDestination(redirectEndpoint.getLocation());
+
RequestedAuthnContext reqAuthContext =
SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
@@ -154,8 +176,8 @@ public class Authenticate extends HttpServlet {
authReq.setRequestedAuthnContext(reqAuthContext);
+ //sign authentication request
KeyStore keyStore = config.getPVP2KeyStore();
-
X509Credential authcredential = new KeyStoreX509CredentialAdapter(
keyStore,
config.getPVP2KeystoreAuthRequestKeyAlias(),
@@ -165,9 +187,9 @@ public class Authenticate extends HttpServlet {
signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signer.setSigningCredential(authcredential);
-
authReq.setSignature(signer);
+ //generate Http-POST Binding message
VelocityEngine engine = new VelocityEngine();
engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
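Review bot: The signer is still configured with `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1` on the first line of the hunk, so the step the new `//sign authentication request` comment labels produces SHA-1 signatures, which are deprecated for XML signatures and rejected by a growing number of IdPs. Prefer `signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);` if the configured IdP accepts it, which the hunk cannot confirm. The enclosing method continues outside the hunk.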
@@ -175,6 +197,8 @@ public class Authenticate extends HttpServlet {
engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
engine.setProperty("classpath.resource.loader.class",
"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+ "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
engine.init();
HTTPPostEncoder encoder = new HTTPPostEncoder(engine,