Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java119
1 files changed, 70 insertions, 49 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 2641797ed..4c909ff80 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -34,11 +34,15 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.apache.commons.lang3.RandomUtils;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
@@ -107,8 +111,13 @@ public class Authenticate extends HttpServlet {
SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
authReq.setID(gen.generateIdentifier());
+ String relayState = String.valueOf(RandomUtils.nextLong());
- authReq.setAssertionConsumerServiceIndex(0);
+ if (config.useRedirectBindingResponse())
+ authReq.setAssertionConsumerServiceIndex(1);
+ else
+ authReq.setAssertionConsumerServiceIndex(0);
+
authReq.setAttributeConsumingServiceIndex(0);
authReq.setIssueInstant(new DateTime());
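Review bot: The RelayState introduced at the `String relayState = String.valueOf(RandomUtils.nextLong());` line is drawn from commons-lang3's RandomUtils, which is not a cryptographic generator, while the request ID two lines above already comes from `SecureRandomIdentifierGenerator`; since the same value is later attached to the outbound context via `context.setRelayState(relayState)` in the encoding hunk and is what ties the response back to this request, it should come from the same source, e.g. `String relayState = gen.generateIdentifier();`. Nothing in these hunks shows the value being kept server-side (session or request store), so as far as visible the response handler has nothing to compare the returned RelayState against; if that is the case a short comment such as `// TODO: persist relayState so the SAML response can be correlated to this request` would at least record the gap. The enclosing method begins and ends outside this hunk.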
@@ -152,17 +161,24 @@ public class Authenticate extends HttpServlet {
for (SingleSignOnService sss :
idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-// //Get the service address for the binding you wish to use
-// if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
-// redirectEndpoint = sss;
-// }
+ //Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config.useRedirectBindingRequest()) {
+ redirectEndpoint = sss;
+ }
//Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config.useRedirectBindingRequest()) {
redirectEndpoint = sss;
}
}
+
+ if (redirectEndpoint == null) {
+ log.warn("Can not find valid EndPoint for SAML2 response");
+ throw new ConfigurationException("Can not find valid EndPoint for SAML2 response");
+
+ }
+
authReq.setDestination(redirectEndpoint.getLocation());
//authReq.setDestination("http://test.test.test");
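Review bot: The new null check's messages at `log.warn("Can not find valid EndPoint for SAML2 response")` and the matching `ConfigurationException` describe the wrong direction: the loop above selects the IdP's SingleSignOnService endpoint for the outgoing AuthnRequest, and which binding is accepted depends on `config.useRedirectBindingRequest()`, so a reader of the log will look at the response path for a request-side misconfiguration. Suggest `log.warn("No IdP SingleSignOnService endpoint found for the configured request binding");` and the same text in the exception. The loop also keeps iterating after a match, so with duplicate bindings in the metadata the last entry wins; a `break;` after each assignment, or a comment stating the last match is intended, would make that explicit. The enclosing method starts before and continues after this hunk.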
@@ -195,49 +211,54 @@ public class Authenticate extends HttpServlet {
signer.setSigningCredential(authcredential);
authReq.setSignature(signer);
- //generate Http-POST Binding message
-// VelocityEngine engine = new VelocityEngine();
-// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-// engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-// engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-// engine.setProperty("classpath.resource.loader.class",
-// "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-// engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-// engine.init();
-//
-// HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
-// "templates/pvp_postbinding_template.html");
-// HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-// response, true);
-// BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-// SingleSignOnService service = new SingleSignOnServiceBuilder()
-// .buildObject();
-// service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-// service.setLocation(redirectEndpoint.getLocation());;
-//
-// context.setOutboundSAMLMessageSigningCredential(authcredential);
-// context.setPeerEntityEndpoint(service);
-// context.setOutboundSAMLMessage(authReq);
-// context.setOutboundMessageTransport(responseAdapter);
-
- //generate Redirect Binding message
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(redirectEndpoint.getLocation());
- context.setOutboundSAMLMessageSigningCredential(authcredential);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(authReq);
- context.setOutboundMessageTransport(responseAdapter);
- //context.setRelayState(relayState);
-
- encoder.encode(context);
+
+ if (!config.useRedirectBindingRequest()) {
+ //generate Http-POST Binding message
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+ "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+ engine.init();
+
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(redirectEndpoint.getLocation());;
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(authReq);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ } else {
+ //generate Redirect Binding message
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(redirectEndpoint.getLocation());
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(authReq);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ }
} catch (Exception e) {
log.warn("Authentication Request can not be generated", e);