diff options
Diffstat (limited to 'id/oa')
7 files changed, 105 insertions, 27 deletions
diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 07b84ed1b..d3f9338a1 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>3.x</version> + <version>4.1.2-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> @@ -22,12 +22,12 @@ <repository> <id>shibboleth.internet2.edu</id> <name>Internet2</name> - <url>https://build.shibboleth.net/nexus/content/groups/public/</url> + <url>https://apps.egiz.gv.at/shibboleth_nexus/</url> </repository> <repository> <id>IAIK Local</id> <name>iaik/libs</name> - <url>http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/</url> + <url>https://apps.egiz.gv.at/maven/</url> </repository> </repositories> @@ -139,6 +139,19 @@ </exclusions> </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> + <version>1.62</version> + <scope>test</scope> + </dependency> + + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>1.62</version> + </dependency> + </dependencies> </project> diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 09069ac7f..d6c14fd07 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -182,6 +182,26 @@ public class Configuration { return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.resp.redirect", "false")); } + + public boolean setAuthnContextClassRef() { + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.authncontextclassref", "true")); + } + + public String getAuthnContextClassRefValue() { + return props.getProperty("general.login.pvp2.req.authncontextclassref.value"); + + } + + public String getScopeRequesterId() { + return props.getProperty("general.login.pvp2.sp.requesterId"); + } + + public boolean setNameIdPolicy() { + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true")); + } + + + public void initializePVP2Login() throws ConfigurationException { if (!pvp2logininitialzied) initalPVP2Login(); @@ -276,6 +296,5 @@ public class Configuration { throw new ConfigurationException("PVP2 authentification can not be initialized.", e); } } - } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 4c909ff80..4e8e12499 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang3.RandomUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.runtime.RuntimeConstants; import org.joda.time.DateTime; @@ -52,6 +53,8 @@ import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameIDPolicy; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.RequesterID; +import org.opensaml.saml2.core.Scoping; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; @@ -136,11 +139,12 @@ public class Authenticate extends HttpServlet { issuer.setFormat(NameIDType.ENTITY); authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); + if (config.setNameIdPolicy()) { + NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.PERSISTENT); + authReq.setNameIDPolicy(policy); + } String entityname = config.getPVP2IDPMetadataEntityName(); if (MiscUtil.isEmpty(entityname)) { @@ -183,20 +187,34 @@ public class Authenticate extends HttpServlet { //authReq.setDestination("http://test.test.test"); + if (config.setAuthnContextClassRef()) { + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) { + authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue()); + + } else { + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + } + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + } - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + if (StringUtils.isNotEmpty(config.getScopeRequesterId())) { + Scoping scope = SAML2Utils.createSAMLObject(Scoping.class); + RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class); + requesterId.setRequesterID(config.getScopeRequesterId()); + scope.getRequesterIDs().add(requesterId ); + authReq.setScoping(scope ); + + } - authReq.setRequestedAuthnContext(reqAuthContext); //sign authentication request KeyStore keyStore = config.getPVP2KeyStore(); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index aeb4d8eac..e36a880ba 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -198,11 +198,7 @@ public class DemoApplication extends HttpServlet { } - //set assertion - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - bean.setAssertion(assertion); - + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); @@ -245,12 +241,28 @@ public class DemoApplication extends HttpServlet { } + samlResponse.getAssertions().clear(); + samlResponse.getAssertions().addAll(saml2assertions); + + //set assertion + org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + + String principleId = null; String givenName = null; String familyName = null; String birthday = null; for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + try { + principleId = saml2assertion.getSubject().getNameID().getValue(); + + } catch (Exception e) { + log.warn("Can not read SubjectNameId", e); + } + //loop through the nodes to get what we want List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); for (int i = 0; i < attributeStatements.size(); i++) @@ -277,6 +289,7 @@ public class DemoApplication extends HttpServlet { } + bean.setPrincipleId(principleId); bean.setDateOfBirth(birthday); bean.setFamilyName(familyName); bean.setGivenName(givenName); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java index 05c253b6e..59090cbcc 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java @@ -32,6 +32,7 @@ public class ApplicationBean implements Serializable { private String givenName; private String dateOfBirth; private String assertion; + private String principleId; private boolean isLogin = false; @@ -122,6 +123,14 @@ public class ApplicationBean implements Serializable { public void setSuccessMessage(String successMessage) { this.successMessage = successMessage; } + + public String getPrincipleId() { + return principleId; + } + public void setPrincipleId(String principleId) { + this.principleId = principleId; + } + diff --git a/id/oa/src/main/webapp/demoapp.jsp b/id/oa/src/main/webapp/demoapp.jsp index c6b005deb..7d511a5ce 100644 --- a/id/oa/src/main/webapp/demoapp.jsp +++ b/id/oa/src/main/webapp/demoapp.jsp @@ -31,7 +31,11 @@ <div id="demonstrator_loginInformation"> <table> <tr> - <td align="right">Benutzerdaten:</td> + <td align="right">PrincipleId: </td> + <td><%= bean.getPrincipleId()%></td> + </tr> + <tr> + <td align="right">Benutzerdaten:</td> <td><%= bean.getGivenName()%> <%= bean.getFamilyName()%> <%= bean.getDateOfBirth()%></td> diff --git a/id/oa/src/main/webapp/index.jsp b/id/oa/src/main/webapp/index.jsp index 49f3e3e3a..628d3e7a3 100644 --- a/id/oa/src/main/webapp/index.jsp +++ b/id/oa/src/main/webapp/index.jsp @@ -21,6 +21,8 @@ <div id="demonstrator_leftcontent"> <input type="button" size="400" value="Login" onclick="PVP2LoginIframe('servlet/pvp2login');" id="submitbutton"/> + <br><br> + <a href="servlet/pvp2login">Login in fullFrame</a> </div> </div> |