2 files changed, 45 insertions, 21 deletions

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4bce49465..0b8251386 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -124,7 +125,7 @@ public class Authenticate extends HttpServlet {
 				serviceURL = serviceURL + "/";
 			//name.setValue(serviceURL);
 			issuer.setValue(serviceURL);
-
+			
 //			subject.setNameID(name);
 //			authReq.setSubject(subject);
 			issuer.setFormat(NameIDType.ENTITY);
@@ -155,13 +156,21 @@ public class Authenticate extends HttpServlet {
 			for (SingleSignOnService sss : 
 					idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
 				
+//				//Get the service address for the binding you wish to use
+//				if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
+//					redirectEndpoint = sss;  
+//				}
+				
 				//Get the service address for the binding you wish to use
-				if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
+				if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { 
 					redirectEndpoint = sss;  
 				}  
+				
 			}
 			authReq.setDestination(redirectEndpoint.getLocation());
 			
+			//authReq.setDestination("http://test.test.test");
+			
 			
 			RequestedAuthnContext reqAuthContext = 
 					SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
@@ -191,32 +200,47 @@ public class Authenticate extends HttpServlet {
 			authReq.setSignature(signer);
 
 			//generate Http-POST Binding message
-			VelocityEngine engine = new VelocityEngine();
-			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			engine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-			engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-					"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-			engine.init();
-
-			HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
-					"templates/pvp_postbinding_template.html");
+//			VelocityEngine engine = new VelocityEngine();
+//			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+//			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+//			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+//			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+//			engine.setProperty("classpath.resource.loader.class",
+//					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+//			engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+//					"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+//			engine.init();
+//
+//			HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+//					"templates/pvp_postbinding_template.html");
+//			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+//					response, true);
+//			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+//			SingleSignOnService service = new SingleSignOnServiceBuilder()
+//					.buildObject();
+//			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+//			service.setLocation(redirectEndpoint.getLocation());;
+//			
+//			context.setOutboundSAMLMessageSigningCredential(authcredential);
+//			context.setPeerEntityEndpoint(service);
+//			context.setOutboundSAMLMessage(authReq);
+//			context.setOutboundMessageTransport(responseAdapter);
+
+			//generate Redirect Binding message
+			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
 			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
 					response, true);
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleSignOnService service = new SingleSignOnServiceBuilder()
 					.buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-			service.setLocation(redirectEndpoint.getLocation());;
-			
+			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+			service.setLocation(redirectEndpoint.getLocation());
 			context.setOutboundSAMLMessageSigningCredential(authcredential);
 			context.setPeerEntityEndpoint(service);
 			context.setOutboundSAMLMessage(authReq);
 			context.setOutboundMessageTransport(responseAdapter);
-
+			//context.setRelayState(relayState);
+			
 			encoder.encode(context);
 
 		} catch (Exception e) {
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
index eecb691c0..1dcc66a56 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
@@ -56,9 +56,9 @@ public class AttributeListBuilder implements PVPConstants{
 		requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
 		requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
 		requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
-		requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, true));		
+		requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false));		
 		requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true));		
-		requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, true));		
+		requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false));		
 		requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true));
 		
 		requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));