diff options
Diffstat (limited to 'id/oa/src')
-rw-r--r-- | id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java | 62 | ||||
-rw-r--r-- | id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java | 4 |
2 files changed, 45 insertions, 21 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 4bce49465..0b8251386 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; @@ -124,7 +125,7 @@ public class Authenticate extends HttpServlet { serviceURL = serviceURL + "/"; //name.setValue(serviceURL); issuer.setValue(serviceURL); - + // subject.setNameID(name); // authReq.setSubject(subject); issuer.setFormat(NameIDType.ENTITY); @@ -155,13 +156,21 @@ public class Authenticate extends HttpServlet { for (SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { +// //Get the service address for the binding you wish to use +// if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { +// redirectEndpoint = sss; +// } + //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { redirectEndpoint = sss; } + } authReq.setDestination(redirectEndpoint.getLocation()); + //authReq.setDestination("http://test.test.test"); + RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class); @@ -191,32 +200,47 @@ public class Authenticate extends HttpServlet { authReq.setSignature(signer); //generate Http-POST Binding message - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "templates/pvp_postbinding_template.html"); +// VelocityEngine engine = new VelocityEngine(); +// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +// engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +// engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); +// engine.setProperty("classpath.resource.loader.class", +// "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +// engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); +// engine.init(); +// +// HTTPPostEncoder encoder = new HTTPPostEncoder(engine, +// "templates/pvp_postbinding_template.html"); +// HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( +// response, true); +// BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); +// SingleSignOnService service = new SingleSignOnServiceBuilder() +// .buildObject(); +// service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); +// service.setLocation(redirectEndpoint.getLocation());; +// +// context.setOutboundSAMLMessageSigningCredential(authcredential); +// context.setPeerEntityEndpoint(service); +// context.setOutboundSAMLMessage(authReq); +// context.setOutboundMessageTransport(responseAdapter); + + //generate Redirect Binding message + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( response, true); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); SingleSignOnService service = new SingleSignOnServiceBuilder() .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); context.setOutboundSAMLMessageSigningCredential(authcredential); context.setPeerEntityEndpoint(service); context.setOutboundSAMLMessage(authReq); context.setOutboundMessageTransport(responseAdapter); - + //context.setRelayState(relayState); + encoder.encode(context); } catch (Exception e) { diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java index eecb691c0..1dcc66a56 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java @@ -56,9 +56,9 @@ public class AttributeListBuilder implements PVPConstants{ requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true)); - requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false)); requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); |