diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
6 files changed, 18 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index d587092eb..d4d01d3d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -435,6 +435,7 @@ public class DispatcherServlet extends AuthServlet{ moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); + AuthenticationSessionStoreage.changeSessionID(moasession); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index be0132c14..7dba67174 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -133,7 +133,7 @@ public class AuthenticationManager extends AuthServlet { authSession.setAuthenticatedUsed(true); AuthenticationSessionStoreage.storeSession(authSession); - + // HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, // sessionID); return true; // got authenticated diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 76757e28e..a65edffd0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -117,9 +118,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1206", new Object[] { samlArtifact }); } } - - boolean keepAssertion = false; - + //removed from MOA-ID 2.0 config // try { // String boolStr = AuthConfigurationProvider.getInstance() @@ -132,9 +131,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // throw new AuthenticationException("1205", new Object[] { // samlArtifact, ex.toString() }); // } - if (!keepAssertion) { - authenticationDataStore.remove(samlArtifact); - } + + authenticationDataStore.remove(samlArtifact); long now = new Date().getTime(); @@ -319,9 +317,14 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.setSamlAssertion(samlAssertion); +// String samlArtifact = new SAMLArtifactBuilder().build( +// session.getAuthURL(), session.getSessionID(), +// saml1parameter.getSourceID()); + + //TODO: check if it correct String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), session.getSessionID(), - saml1parameter.getSourceID()); + session.getAuthURL(), Random.nextRandom(), + saml1parameter.getSourceID()); storeAuthenticationData(samlArtifact, authData); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index ba4f65571..e5a633d5d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -114,7 +114,9 @@ public class AssertionStorage { try { AssertionStore element = searchInDatabase(artifact); MOASessionDBUtils.delete(element); - + Logger.info("Remove Assertion with Artifact" + artifact); + + } catch (MOADatabaseException e) { Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact + "not found)"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 5da3dd8f6..89ed369f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -257,7 +257,7 @@ public class AuthenticationSessionStoreage { dbsession.setSSOsessionid(SSOSessionID); dbsession.setAuthenticated(false); dbsession.setPendingRequestID(""); - + //Store MOASession session.saveOrUpdate(dbsession); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java index da44a3905..8905b96c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java @@ -136,6 +136,7 @@ public class IdentityLinkReSigner { throw new MOAIDException("builder.05", new Object[]{}); } else { + Logger.debug("MOA-SS Signature createn successfull"); return ser.getSignatureEnvironment(); } |