aboutsummaryrefslogtreecommitdiff
path: root/id/oa
diff options
context:
space:
mode:
Diffstat (limited to 'id/oa')
-rw-r--r--id/oa/pom.xml19
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java21
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java52
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java23
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java9
-rw-r--r--id/oa/src/main/webapp/demoapp.jsp6
-rw-r--r--id/oa/src/main/webapp/index.jsp2
7 files changed, 105 insertions, 27 deletions
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index 07b84ed1b..d3f9338a1 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>3.x</version>
+ <version>4.1.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -22,12 +22,12 @@
<repository>
<id>shibboleth.internet2.edu</id>
<name>Internet2</name>
- <url>https://build.shibboleth.net/nexus/content/groups/public/</url>
+ <url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
</repository>
<repository>
<id>IAIK Local</id>
<name>iaik/libs</name>
- <url>http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/</url>
+ <url>https://apps.egiz.gv.at/maven/</url>
</repository>
</repositories>
@@ -139,6 +139,19 @@
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>1.62</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>1.62</version>
+ </dependency>
+
</dependencies>
</project>
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index 09069ac7f..d6c14fd07 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -182,6 +182,26 @@ public class Configuration {
return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.resp.redirect", "false"));
}
+
+ public boolean setAuthnContextClassRef() {
+ return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.authncontextclassref", "true"));
+ }
+
+ public String getAuthnContextClassRefValue() {
+ return props.getProperty("general.login.pvp2.req.authncontextclassref.value");
+
+ }
+
+ public String getScopeRequesterId() {
+ return props.getProperty("general.login.pvp2.sp.requesterId");
+ }
+
+ public boolean setNameIdPolicy() {
+ return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true"));
+ }
+
+
+
public void initializePVP2Login() throws ConfigurationException {
if (!pvp2logininitialzied)
initalPVP2Login();
@@ -276,6 +296,5 @@ public class Configuration {
throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
}
}
-
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4c909ff80..4e8e12499 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang3.RandomUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.joda.time.DateTime;
@@ -52,6 +53,8 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -136,11 +139,12 @@ public class Authenticate extends HttpServlet {
issuer.setFormat(NameIDType.ENTITY);
authReq.setIssuer(issuer);
- NameIDPolicy policy = SAML2Utils
- .createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(true);
- policy.setFormat(NameID.PERSISTENT);
- authReq.setNameIDPolicy(policy);
+ if (config.setNameIdPolicy()) {
+ NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+ }
String entityname = config.getPVP2IDPMetadataEntityName();
if (MiscUtil.isEmpty(entityname)) {
@@ -183,20 +187,34 @@ public class Authenticate extends HttpServlet {
//authReq.setDestination("http://test.test.test");
+ if (config.setAuthnContextClassRef()) {
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) {
+ authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue());
+
+ } else {
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ }
+
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ authReq.setRequestedAuthnContext(reqAuthContext);
+ }
- RequestedAuthnContext reqAuthContext =
- SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-
- AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+ Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+ RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+ requesterId.setRequesterID(config.getScopeRequesterId());
+ scope.getRequesterIDs().add(requesterId );
+ authReq.setScoping(scope );
+
+ }
- authReq.setRequestedAuthnContext(reqAuthContext);
//sign authentication request
KeyStore keyStore = config.getPVP2KeyStore();
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index aeb4d8eac..e36a880ba 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -198,11 +198,7 @@ public class DemoApplication extends HttpServlet {
}
- //set assertion
- org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
- String assertion = DOMUtils.serializeNode(doc);
- bean.setAssertion(assertion);
-
+
if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
@@ -245,12 +241,28 @@ public class DemoApplication extends HttpServlet {
}
+ samlResponse.getAssertions().clear();
+ samlResponse.getAssertions().addAll(saml2assertions);
+
+ //set assertion
+ org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+ String assertion = DOMUtils.serializeNode(doc);
+ bean.setAssertion(assertion);
+
+ String principleId = null;
String givenName = null;
String familyName = null;
String birthday = null;
for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+ try {
+ principleId = saml2assertion.getSubject().getNameID().getValue();
+
+ } catch (Exception e) {
+ log.warn("Can not read SubjectNameId", e);
+ }
+
//loop through the nodes to get what we want
List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
for (int i = 0; i < attributeStatements.size(); i++)
@@ -277,6 +289,7 @@ public class DemoApplication extends HttpServlet {
}
+ bean.setPrincipleId(principleId);
bean.setDateOfBirth(birthday);
bean.setFamilyName(familyName);
bean.setGivenName(givenName);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
index 05c253b6e..59090cbcc 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
@@ -32,6 +32,7 @@ public class ApplicationBean implements Serializable {
private String givenName;
private String dateOfBirth;
private String assertion;
+ private String principleId;
private boolean isLogin = false;
@@ -122,6 +123,14 @@ public class ApplicationBean implements Serializable {
public void setSuccessMessage(String successMessage) {
this.successMessage = successMessage;
}
+
+ public String getPrincipleId() {
+ return principleId;
+ }
+ public void setPrincipleId(String principleId) {
+ this.principleId = principleId;
+ }
+
diff --git a/id/oa/src/main/webapp/demoapp.jsp b/id/oa/src/main/webapp/demoapp.jsp
index c6b005deb..7d511a5ce 100644
--- a/id/oa/src/main/webapp/demoapp.jsp
+++ b/id/oa/src/main/webapp/demoapp.jsp
@@ -31,7 +31,11 @@
<div id="demonstrator_loginInformation">
<table>
<tr>
- <td align="right">Benutzerdaten:</td>
+ <td align="right">PrincipleId: </td>
+ <td><%= bean.getPrincipleId()%></td>
+ </tr>
+ <tr>
+ <td align="right">Benutzerdaten:</td>
<td><%= bean.getGivenName()%>&nbsp;
<%= bean.getFamilyName()%>&nbsp;
<%= bean.getDateOfBirth()%></td>
diff --git a/id/oa/src/main/webapp/index.jsp b/id/oa/src/main/webapp/index.jsp
index 49f3e3e3a..628d3e7a3 100644
--- a/id/oa/src/main/webapp/index.jsp
+++ b/id/oa/src/main/webapp/index.jsp
@@ -21,6 +21,8 @@
<div id="demonstrator_leftcontent">
<input type="button" size="400" value="Login" onclick="PVP2LoginIframe('servlet/pvp2login');" id="submitbutton"/>
+ <br><br>
+ <a href="servlet/pvp2login">Login in fullFrame</a>
</div>
</div>