aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java37
1 files changed, 34 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5c0e497a3..52488c3cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -96,6 +96,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
@@ -526,10 +527,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
- if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
- authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+ try {
+ String qaaLevel = extractor.getQAALevel();
+ if (MiscUtil.isNotEmpty(qaaLevel) &&
+ qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+ authData.setQAALevel(qaaLevel);
+
+ } else {
+ Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapQAALevel(qaaLevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ authData.setQAALevel(mappedQAA);
+
+ else
+ throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable");
+
+ }
+
+ } catch (AssertionAttributeExtractorExeption e) {
+ Logger.warn("No QAA level found in <RequestedAuthnContext> element of interfederated assertion. " +
+ "(ErrorHeader=" + e.getMessage() + ")");
+ if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) {
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+
+ } else {
+ Logger.info("No QAA level found. Set to default level " +
+ PVPConstants.STORK_QAA_PREFIX + "1");
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+
+ }
+
+ }
+
if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
try {
byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 15:04:35 +0000