diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1')
3 files changed, 109 insertions, 18 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index c8a9a24ad..1fbcb9a46 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -27,6 +27,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.Calendar; import org.apache.axis.AxisFault; +import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -78,12 +79,12 @@ public class GetAuthenticationDataService implements Constants { throws AxisFault { Element request = requests[0]; - Element[] responses = new Element[1]; + Element[] responses = new Element[1]; String requestID = ""; String statusCode = ""; String subStatusCode = null; String statusMessageCode = null; - String statusMessage = null; + String statusMessage = null; String samlAssertion = ""; boolean useUTC = false; if (requests.length > 1) { @@ -107,14 +108,15 @@ public class GetAuthenticationDataService implements Constants { subStatusCode = "samlp:TooManyResponses"; statusMessageCode = "1203"; } + else { Element samlArtifactElem = (Element)samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + try { - - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - + AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); useUTC = authData.getUseUTC(); @@ -123,9 +125,36 @@ public class GetAuthenticationDataService implements Constants { samlAssertion = authData.getSamlAssertion(); statusCode = "samlp:Success"; statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact + } + + catch (ClassCastException ex) { + + try { + Throwable error = saml1server.getErrorResponse(samlArtifact); + statusCode = "samlp:Responder"; + subStatusCode = "samlp:RequestDenied"; + + if (error instanceof MOAIDException) { + statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); + + } else { + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); + } + + + + } catch (Exception e) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + + } + + catch (AuthenticationException ex) { + //no authentication data for given SAML artifact statusCode = "samlp:Requester"; subStatusCode = "samlp:ResourceNotRecognized"; statusMessage = ex.toString(); @@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants { statusCode = "samlp:Requester"; statusMessageCode = "1204"; } - } + } + try { String responseID = Random.nextRandom(); String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); + if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); responses[0] = new SAMLResponseBuilder().build( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 2a7147bcb..fec2d2b35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -1,13 +1,8 @@ package at.gv.egovernment.moa.id.protocols.saml1; -import iaik.x509.X509Certificate; - -import java.io.File; import java.io.IOException; -import java.security.cert.CertificateEncodingException; import java.util.Date; import java.util.List; -import java.util.Vector; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; @@ -27,16 +22,15 @@ import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -66,6 +60,33 @@ public class SAML1AuthenticationServer extends AuthenticationServer { */ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException { + try { + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + Throwable error = null; + synchronized (authenticationDataStore) { + try { + error = authenticationDataStore + .get(samlArtifact, Throwable.class); + + authenticationDataStore.remove(samlArtifact); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + } + + return error; + } + /** * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. * The <code>AuthenticationData</code> is deleted from the store upon end of @@ -77,6 +98,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + } catch (ParseException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); @@ -123,6 +145,18 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return authData; } + public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) + throws BuildException, MOADatabaseException { + + String samlArtifact = new SAMLArtifactBuilder().build( + protocolRequest.getOAURL(), protocolRequest.getRequestID(), + null); + + authenticationDataStore.put(samlArtifact, error); + + return samlArtifact; + } + public String BuildSAMLArtifact(AuthenticationSession session, OAAuthParameter oaParam, AuthenticationData authData) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index fad25bc20..a310b16ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; @@ -22,6 +23,8 @@ import at.gv.egovernment.moa.id.moduls.ServletInfo; import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { @@ -107,8 +110,22 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - // TODO Auto-generated method stub - return false; + + SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); + + String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + + String url = "RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = response.encodeRedirectURL(url); + + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", url); + Logger.debug("REDIRECT TO: " + url); + + return true; } public IAction getAction(String action) { @@ -145,5 +162,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { return true; } + + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } } |