Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java | 49 |
1 files changed, 42 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 5fc1dc785..964c19208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+import java.util.Iterator;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -7,6 +9,8 @@ import org.joda.time.DateTime;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.ArtifactResponse;
 import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.AuthnContext;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -14,6 +18,9 @@ import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
@@ -23,7 +30,8 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.CitizenTokenBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 public class AuthnRequestHandler implements IRequestHandler {
@@ -55,26 +63,54 @@ public class AuthnRequestHandler implements IRequestHandler {
 assertion.getAuthnStatements().add(authnStatement);
+ SPSSODescriptor spSSODescriptor = obj.getEntityMetadata().
+ getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AttributeConsumingService attributeConsumingService =
+ spSSODescriptor.getAttributeConsumingServices().iterator().next();
+
+ AuthenticationSession authSession = AuthenticationManager.getAuthenticationSession(req.getSession());
+ AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
+
+ Iterator<RequestedAttribute> it = attributeConsumingService.getRequestAttributes().iterator();
+ while(it.hasNext()) {
+ RequestedAttribute reqAttribut = it.next();
+ Attribute attr = PVPAttributeBuilder.buildAttribute(reqAttribut.getName(), authSession);
+ if(attr == null) {
+ if(reqAttribut.isRequired()) {
+ throw new MOAIDException("Cannot provide requested attribute " + reqAttribut.getName(), null);
+ }
+ } else {
+ attributeStatement.getAttributes().add(attr);
+ }
+ }
+
+ if(attributeStatement.getAttributes().size() > 0) {
+ assertion.getAttributeStatements().add(attributeStatement);
+ }
+
 Subject subject = SAML2Utils.createSAMLObject(Subject.class);
 NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
 subjectNameID.setFormat(NameID.PERSISTENT);
 subjectNameID.setValue(authSession.getAuthData().getIdentificationValue());
 subject.setNameID(subjectNameID);
- assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
+ //assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
 Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue("pvpIDP");
+ issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ issuer.setFormat(NameID.ENTITY);
 assertion.setIssuer(issuer);
 assertion.setSubject(subject);
 ArtifactResponse authResponse = SAML2Utils.createSAMLObject(ArtifactResponse.class);
 Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- nissuer.setValue("pvpIDP");
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ nissuer.setFormat(NameID.ENTITY);
 authResponse.setIssuer(nissuer);
 authResponse.setInResponseTo(authnRequest.getID());
 authResponse.setMessage(assertion);
@@ -87,8 +123,8 @@ public class AuthnRequestHandler implements IRequestHandler {
 idx = aIdx.intValue();
 }
- String oaURL = obj.getEntityMetadata().
- getSPSSODescriptor(SAMLConstants.SAML20P_NS).
+
+ String oaURL = spSSODescriptor.
 getAssertionConsumerServices().get(idx).getLocation();
 IEncoder binding = new PostBinding();
@@ -100,5 +136,4 @@ public class AuthnRequestHandler implements IRequestHandler {
 e.printStackTrace();
 }
 }
- }
 |
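Review bot: `spSSODescriptor.getAttributeConsumingServices().iterator().next()` throws NoSuchElementException for any SP whose metadata declares no AttributeConsumingService (and `getSPSSODescriptor` can return null), and it ignores the AttributeConsumingServiceIndex the SP may have sent in its AuthnRequest, so an SP with several services always receives the first service's attribute set; the rewrite below resolves the service via `authnRequest.getAttributeConsumingServiceIndex()`, falls back to the default/first one, and skips the attribute statement when none exists. The added `AuthenticationSession authSession = ...` declaration looks like it may collide with the `authSession` that the unchanged `subjectNameID.setValue(authSession...)` line already relied on before this change — unless that was a field, the compiler will reject the redeclaration, so confirm. The new `MOAIDException` for an unsatisfiable required attribute is the right fail-closed choice, but if it ends up in the catch that finishes with `e.printStackTrace()` (last hunk) the SP receives no SAML error Response at all; consider mapping it to a Responder/RequestDenied status. Drop the commented-out `//assertion.getAttributeStatements().add(CitizenTokenBuilder...)` line rather than keeping dead code. The enclosing method starts and ends outside this hunk.
```java
SPSSODescriptor spSSODescriptor = obj.getEntityMetadata().
    getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor == null) {
    throw new MOAIDException("SP metadata has no SAML 2.0 SPSSODescriptor", null);
}

// Honour the service the SP selected in its request; otherwise prefer the one
// flagged isDefault, else the first; no service at all means no attribute statement.
Integer wantedIndex = authnRequest.getAttributeConsumingServiceIndex();
AttributeConsumingService attributeConsumingService = null;
for (AttributeConsumingService acs : spSSODescriptor.getAttributeConsumingServices()) {
    if (wantedIndex != null) {
        if (wantedIndex.intValue() == acs.getIndex()) {
            attributeConsumingService = acs;
            break;
        }
    } else if (attributeConsumingService == null || Boolean.TRUE.equals(acs.isDefault())) {
        attributeConsumingService = acs;
    }
}
if (wantedIndex != null && attributeConsumingService == null) {
    throw new MOAIDException("Requested AttributeConsumingServiceIndex " + wantedIndex + " not found in SP metadata", null);
}

// … unchanged: authSession lookup and attributeStatement creation …
if (attributeConsumingService != null) {
    // … unchanged: RequestedAttribute loop and adding attributeStatement to the assertion …
}
```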
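Review bot: `getAssertionConsumerServices().get(idx)` treats the AssertionConsumerServiceIndex from the request as a list position rather than matching each endpoint's `index` attribute, which is what the SAML metadata schema defines, and an out-of-range value throws IndexOutOfBoundsException; the lookup predates this commit, but the line is rewritten here, so it is the right moment to fix it. Resolve the endpoint by its declared index instead, e.g. `for (AssertionConsumerService acs : spSSODescriptor.getAssertionConsumerServices()) { if (Integer.valueOf(idx).equals(acs.getIndex())) { oaURL = acs.getLocation(); break; } }` (needs the `org.opensaml.saml2.metadata.AssertionConsumerService` import), and fail with a MOAIDException when nothing matches so the assertion is never posted to an endpoint the SP did not register under that index. The surrounding method starts and ends outside this hunk.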