Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 39 |
1 files changed, 32 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 2038ef5a5..c438cb18c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -26,7 +26,12 @@ import org.opensaml.saml2.metadata.NameIDFormat;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
@@ -39,8 +44,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 public class PVP2AssertionBuilder implements PVPConstants {
- public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity) throws PVP2Exception {
+ public static Assertion buildAssertion(AuthnRequest authnRequest,
+ AuthenticationSession authSession, EntityDescriptor peerEntity)
+ throws MOAIDException {
 Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
 RequestedAuthnContext reqAuthnContext = authnRequest 
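Review bot: Widening the `throws` clause of `buildAssertion` from `PVP2Exception` to `MOAIDException` changes the method's checked-exception contract, so every caller that currently catches `PVP2Exception` must now also handle `MOAIDException`, and whether `PVP2Exception` extends `MOAIDException` is not visible in this hunk; if it does not, the protocol-specific catch sites lose their narrow handling. If the only new checked exception comes from the `AuthConfigurationProvider`/`AuthenticationServer` calls, consider catching it at the call and rethrowing it wrapped in a `PVP2Exception` so the protocol-level API stays unchanged, or at least document the new exception with `@throws MOAIDException` on the method. The new imports also make the PVP2 builder depend directly on the core auth layer (`AuthenticationServer`, `AuthConfigurationProvider`), which is worth a sentence in the class Javadoc. The method body runs past the end of the hunk.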
@@ -71,7 +77,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 if (!stork_qaa_1_4_found) {
 throw new QAANotSupportedException(STORK_QAA_1_4);
 }
-
+
 reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
 .iterator();
 StringBuilder authContextsb = new StringBuilder();
@@ -107,7 +113,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 authnStatement.setAuthnContext(authnContext);
 assertion.getAuthnStatements().add(authnStatement);
-
+
 SPSSODescriptor spSSODescriptor = peerEntity
 .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -127,6 +133,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 Subject subject = SAML2Utils.createSAMLObject(Subject.class);
 NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
 boolean foundFormat = false;
+
+ // TL: AuthData generation is moved to Assertion generation.
+
 Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats()
 .iterator();
 while (formatIt.hasNext()) {
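Review bot: The added comment `// TL: AuthData generation is moved to Assertion generation.` sits directly above the `NameIDFormat` iteration, but nothing in that loop builds `AuthenticationData`; the code it describes is the `buildAuthenticationData` call added further down in this commit, so where it stands the comment misleads the reader. Move it next to that call, or reword it to say what applies at this spot, and prefer the project's plain comment style over an author tag. The two preceding hunks on this line are whitespace-only; the enclosing method starts and ends outside these hunks.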
@@ -180,11 +189,27 @@ public class PVP2AssertionBuilder implements PVPConstants {
 assertion.getAttributeStatements().add(attributeStatement);
 }
+ // TODO: LOAD oaParam from request and not from MOASession in case of
+ // SSO
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ authSession.getPublicOAURLPrefix());
+
+ AuthenticationData authData = AuthenticationServer
+ .buildAuthenticationData(authSession, oaParam,
+ oaParam.getTarget());
+
+ // TL: getIdentificationValue holds the baseID --> change to pBK
+ // subjectNameID.setValue(authData.getIdentificationValue());
+
 subjectNameID.setFormat(NameID.PERSISTENT);
- subjectNameID.setNameQualifier(authSession.getAssertionAuthData()
+ //TODO: build IdType in authData
+ subjectNameID.setNameQualifier(authData
 .getIdentificationType());
- subjectNameID.setValue(authSession.getAssertionAuthData()
- .getIdentificationValue());
+ if (authSession.getBusinessService())
+ subjectNameID.setValue(authData.getWBPK());
+ else
+ subjectNameID.setValue(authData.getBPK()); // }
 subject.setNameID(subjectNameID); |
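Review bot: `oaParam` is dereferenced at `oaParam.getTarget()` with no null check, so if `getOnlineApplicationParameter` can return null for a prefix that is not configured (not visible in this hunk), assertion building dies with a NullPointerException rather than the `MOAIDException` the new `throws` clause suggests is the intended failure path. The TODO above it also records that `oaParam` and the `getBusinessService()` switch between `getWBPK()` and `getBPK()` are both taken from the MOASession rather than from the requesting SP, so in an SSO case where the session was established for a different online application the NameID would carry a bPK/wBPK computed for the wrong target; since `peerEntity` is already a parameter, resolving the OA parameters from the requesting SP is the natural fix rather than shipping the TODO. Until then, a guard such as `if (oaParam == null) { throw new MOAIDException(/* error code and parameters per the project's convention */); }` immediately after the lookup keeps the failure explicit and on the declared exception path. The unbraced `if`/`else` on `getBusinessService()` should also be braced to match the surrounding code. buildAssertion's body continues outside the hunk in both directions.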