aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java56
1 files changed, 32 insertions, 24 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 229158778..fd7ff9885 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -58,6 +58,7 @@ import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
@@ -85,32 +86,13 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
throw new MOAIDException("pvp2.13", null);
}
+ //get basic information
AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
- EntityDescriptor peerEntity = obj.getEntityMetadata();
-
- DateTime date = new DateTime();
-
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date);
-
- Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
- Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- //change to entity value from entity name to IDP EntityID (URL)
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
- nissuer.setFormat(NameID.ENTITY);
- authResponse.setIssuer(nissuer);
- authResponse.setInResponseTo(authnRequest.getID());
-
-
- //SAML2 response required IssueInstant
- authResponse.setIssueInstant(date);
-
- authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
+ EntityDescriptor peerEntity = obj.getEntityMetadata();
SPSSODescriptor spSSODescriptor = peerEntity
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ //get AssertionConsumingService
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
int idx = 0;
@@ -129,6 +111,31 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
}
+ DateTime date = new DateTime();
+
+ //build Assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService);
+
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
+
+ Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ //change to entity value from entity name to IDP EntityID (URL)
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setFormat(NameID.ENTITY);
+ authResponse.setIssuer(nissuer);
+ authResponse.setInResponseTo(authnRequest.getID());
+
+ //set responseID
+ String remoteSessionID = SAML2Utils.getSecureIdentifier();
+ authResponse.setID(remoteSessionID);
+
+
+ //SAML2 response required IssueInstant
+ authResponse.setIssueInstant(date);
+
+ authResponse.setStatus(SAML2Utils.getSuccessStatus());
+
String oaURL = consumerService.getLocation();
//check, if metadata includes an encryption key
@@ -150,7 +157,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
}
- if (encryptionCredentials != null) {
+ boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive();
+ if (encryptionCredentials != null && isEncryptionActive) {
//encrypt SAML2 assertion
try {
@@ -212,7 +220,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
}
try {
- binding.encodeRespone(req, resp, authResponse, oaURL);
+ binding.encodeRespone(req, resp, authResponse, oaURL, obj.getRelayState());
// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
// Logger logger = new Logger();
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 00:04:26 +0000