diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 76757e28e..a65edffd0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -117,9 +118,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1206", new Object[] { samlArtifact }); } } - - boolean keepAssertion = false; - + //removed from MOA-ID 2.0 config // try { // String boolStr = AuthConfigurationProvider.getInstance() @@ -132,9 +131,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // throw new AuthenticationException("1205", new Object[] { // samlArtifact, ex.toString() }); // } - if (!keepAssertion) { - authenticationDataStore.remove(samlArtifact); - } + + authenticationDataStore.remove(samlArtifact); long now = new Date().getTime(); @@ -319,9 +317,14 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.setSamlAssertion(samlAssertion); +// String samlArtifact = new SAMLArtifactBuilder().build( +// session.getAuthURL(), session.getSessionID(), +// saml1parameter.getSourceID()); + + //TODO: check if it correct String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), session.getSessionID(), - saml1parameter.getSourceID()); + session.getAuthURL(), Random.nextRandom(), + saml1parameter.getSourceID()); storeAuthenticationData(samlArtifact, authData); |