diff options
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java')
-rw-r--r-- | id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java | 52 |
1 files changed, 35 insertions, 17 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 4c909ff80..4e8e12499 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang3.RandomUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.joda.time.DateTime; @@ -52,6 +53,8 @@ import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.RequesterID; +import org.opensaml.saml2.core.Scoping; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; @@ -136,11 +139,12 @@ public class Authenticate extends HttpServlet { issuer.setFormat(NameIDType.ENTITY); authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); + if (config.setNameIdPolicy()) { + NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.PERSISTENT); + authReq.setNameIDPolicy(policy); + } String entityname = config.getPVP2IDPMetadataEntityName(); if (MiscUtil.isEmpty(entityname)) { @@ -183,20 +187,34 @@ public class Authenticate extends HttpServlet { //authReq.setDestination("http://test.test.test"); + if (config.setAuthnContextClassRef()) { + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); + + } else { + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + } + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { + Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); + RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); + requesterId.setRequesterID(config.getScopeRequesterId()); + scope.getRequesterIDs().add(requesterId ); + authReq.setScoping(scope ); + + } - authReq.setRequestedAuthnContext(reqAuthContext); //sign authentication request KeyStore keyStore = config.getPVP2KeyStore(); |