diff options
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa')
4 files changed, 82 insertions, 23 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 09069ac7f..d6c14fd07 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -182,6 +182,26 @@ public class Configuration { return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.resp.redirect", "false")); } + + public boolean setAuthnContextClassRef() { + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.authncontextclassref", "true")); + } + + public String getAuthnContextClassRefValue() { + return props.getProperty("general.login.pvp2.req.authncontextclassref.value"); + + } + + public String getScopeRequesterId() { + return props.getProperty("general.login.pvp2.sp.requesterId"); + } + + public boolean setNameIdPolicy() { + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true")); + } + + + public void initializePVP2Login() throws ConfigurationException { if (!pvp2logininitialzied) initalPVP2Login(); @@ -276,6 +296,5 @@ public class Configuration { throw new ConfigurationException("PVP2 authentification can not be initialized.", e); } } - } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 4c909ff80..4e8e12499 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang3.RandomUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.joda.time.DateTime; @@ -52,6 +53,8 @@ import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.RequesterID; +import org.opensaml.saml2.core.Scoping; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; @@ -136,11 +139,12 @@ public class Authenticate extends HttpServlet { issuer.setFormat(NameIDType.ENTITY); authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); + if (config.setNameIdPolicy()) { + NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.PERSISTENT); + authReq.setNameIDPolicy(policy); + } String entityname = config.getPVP2IDPMetadataEntityName(); if (MiscUtil.isEmpty(entityname)) { @@ -183,20 +187,34 @@ public class Authenticate extends HttpServlet { //authReq.setDestination("http://test.test.test"); + if (config.setAuthnContextClassRef()) { + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); + + } else { + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + } + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { + Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); + RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); + requesterId.setRequesterID(config.getScopeRequesterId()); + scope.getRequesterIDs().add(requesterId ); + authReq.setScoping(scope ); + + } - authReq.setRequestedAuthnContext(reqAuthContext); //sign authentication request KeyStore keyStore = config.getPVP2KeyStore(); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index aeb4d8eac..e36a880ba 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -198,11 +198,7 @@ public class DemoApplication extends HttpServlet { } - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); @@ -245,12 +241,28 @@ public class DemoApplication extends HttpServlet { } + samlResponse.getAssertions().clear(); + samlResponse.getAssertions().addAll(saml2assertions); + + //set assertion + org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + String principleId = null; String givenName = null; String familyName = null; String birthday = null; for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + try { + principleId = saml2assertion.getSubject().getNameID().getValue(); + + } catch (Exception e) { + log.warn("Can not read SubjectNameId", e); + } + //loop through the nodes to get what we want List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); for (int i = 0; i < attributeStatements.size(); i++) @@ -277,6 +289,7 @@ public class DemoApplication extends HttpServlet { } + bean.setPrincipleId(principleId); bean.setDateOfBirth(birthday); bean.setFamilyName(familyName); bean.setGivenName(givenName); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java index 05c253b6e..59090cbcc 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java @@ -32,6 +32,7 @@ public class ApplicationBean implements Serializable { private String givenName; private String dateOfBirth; private String assertion; + private String principleId; private boolean isLogin = false; @@ -122,6 +123,14 @@ public class ApplicationBean implements Serializable { public void setSuccessMessage(String successMessage) { this.successMessage = successMessage; } + + public String getPrincipleId() { + return principleId; + } + public void setPrincipleId(String principleId) { + this.principleId = principleId; + } + |