diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols')
4 files changed, 63 insertions, 32 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java index e6f08abd9..bf00cadaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -99,9 +100,32 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro } catch (Exception e) { buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + removeUserSession(pendingReq, req, resp); + } } + + protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq, AuthenticationSession moaSession) { + Logger.debug("Add SSO information to MOASession."); + + //Store SSO information into database + String newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), + pendingReq.getOAURL()); + + //set SSO cookie to response + if (MiscUtil.isNotEmpty(newSSOSessionId)) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + + } + + return newSSOSessionId; + } + /** * Finalize the requested protocol operation * @@ -118,21 +142,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro //if Single Sign-On functionality is enabled for this request if (pendingReq.needSingleSignOnFunctionality()) { - - Logger.debug("Add SSO information to MOASession."); - - //Store SSO information into database - newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), - pendingReq.getOAURL()); - - //set SSO cookie to response - if (MiscUtil.isNotEmpty(newSSOSessionId)) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - - } + newSSOSessionId = createNewSSOSessionCookie(req, resp, pendingReq, moaSession); } @@ -202,6 +212,23 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro } + protected void removeUserSession(IRequest pendingReq, HttpServletRequest req, + HttpServletResponse resp) { + try { + AuthenticationSession moaSession = authenticatedSessionStorage.getSession( + pendingReq.getMOASessionIdentifier()); + + if (moaSession != null) + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + } catch (MOADatabaseException e) { + Logger.error("Remove user-session FAILED." , e); + + } + + + } + protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, IRequest protocolRequest) throws IOException { try { @@ -226,12 +253,6 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro //log Error Message statisticLogger.logErrorOperation(throwable, protocolRequest); - //remove MOASession - AuthenticationSession moaSession = authenticatedSessionStorage.getSession( - protocolRequest.getMOASessionIdentifier()); - if (moaSession != null) - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - return; } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 009ef4b6d..a9fc994ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -75,15 +75,9 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon //build protocol-specific error message if possible buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - //get MOASession for this pendingRequest - AuthenticationSession moaSession = - authenticatedSessionStorage.getSession( - pendingReq.getMOASessionIdentifier()); - - //remove MOASession if someone is found - if (moaSession != null) - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + //remove active user-session + removeUserSession(pendingReq, req, resp); return; @@ -135,9 +129,18 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon //check if pending-request has 'abortedByUser' flag set if (pendingReq.isAbortedByUser()) { + //send authentication aborted error to Service Provider buildProtocolSpecificErrorResponse( new AuthenticationException("auth.21", new Object[] {}), req, resp, pendingReq); + + //do not remove the full active SSO-Session + // in case of only one Service-Provider authentication request is aborted + if ( !(moaSession.isAuthenticated() + && pendingReq.needSingleSignOnFunctionality()) ) { + removeUserSession(pendingReq, req, resp); + + } //check if MOASession and pending-request are authenticated } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { @@ -155,6 +158,8 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon Logger.error("Finalize authentication protocol FAILED." , e); buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + removeUserSession(pendingReq, req, resp); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 21f505bf1..2882f20e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -76,6 +76,7 @@ public class AuthenticationAction implements IAction { DateTime date = new DateTime(); SLOInformationImpl sloInformation = new SLOInformationImpl(); + //build Assertion Assertion assertion = PVP2AssertionBuilder.buildAssertion(pvpRequest, authnRequest, authData, @@ -106,6 +107,7 @@ public class AuthenticationAction implements IAction { //set protocol type sloInformation.setProtocolType(req.requestedModule()); + sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix()); return sloInformation; } catch (MessageEncodingException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index a7fc8295a..cffc9378a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -439,7 +439,7 @@ public class SingleLogOutBuilder { if (!oa.getOaurlprefix().equals(removeOAID)) { //Actually only PVP 2.1 support Single LogOut - if (PVP2XProtocol.PATH.equals(oa.getProtocolType())) { + if (PVP2XProtocol.NAME.equals(oa.getProtocolType())) { SingleLogoutService sloDesc; try { sloDesc = getRequestSLODescriptor(oa.getOaurlprefix()); @@ -447,7 +447,8 @@ public class SingleLogOutBuilder { if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) container.getActiveBackChannelOAs().put(oa.getOaurlprefix(), new SLOInformationImpl( - oa.getAuthURL(), + oa.getAuthURL(), + oa.getOaurlprefix(), oa.getAssertionSessionID(), oa.getUserNameID(), oa.getUserNameIDFormat(), @@ -458,6 +459,7 @@ public class SingleLogOutBuilder { container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), new SLOInformationImpl( oa.getAuthURL(), + oa.getOaurlprefix(), oa.getAssertionSessionID(), oa.getUserNameID(), oa.getUserNameIDFormat(), @@ -498,6 +500,7 @@ public class SingleLogOutBuilder { container.getActiveFrontChannalOAs().put(el.getIdpurlprefix(), new SLOInformationImpl( el.getAuthURL(), + el.getIdpurlprefix(), el.getSessionIndex(), el.getUserNameID(), NameID.TRANSIENT, |