aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java15
1 files changed, 10 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index ab0a1ec40..60b8b31de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -47,6 +47,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
@@ -202,6 +203,14 @@ public class AuthenticationManager extends MOAIDAuthConstants {
public AuthenticationSession doAuthentication(HttpServletRequest httpReq,
HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
+ //load OA configuration from pending request
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ //set logging context and log unique OA identifier to revision log
+ TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
+ revisionsLogger.logEvent(oaParam,
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
+
//generic authentication request validation
if (pendingReq.isPassiv()
&& pendingReq.forceAuth()) {
@@ -236,12 +245,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
// check if Service-Provider allows SSO sessions
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
-
- revisionsLogger.logEvent(oaParam,
- pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
-
+
//if a legacy request is used SSO should not be allowed in case of mandate authentication
boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);