diff options
Diffstat (limited to 'id/server/idserverlib/src/main/resources/at/gv')
2 files changed, 73 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml new file mode 100644 index 000000000..f58fd3c02 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISSessionID" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask" />
+ <pd:Task id="getForeignID" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask" async="true" />
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="getMISSessionID" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="end" />
+
+ <pd:Transition from="getMISSessionID" to="end" />
+ <pd:Transition from="getForeignID" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml new file mode 100644 index 000000000..04fc476fe --- /dev/null +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+
+<!--at.gv.egovernment.moa.id.auth.modules.stork.tasks.AbstractPepsConnectorWithLocalSigningTask
+ - STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+-->
+ <pd:Task id="createStorkAuthRequestForm" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.CreateStorkAuthRequestFormTask" />
+ <pd:Task id="pepsConnector" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask" async="true" />
+ <pd:Task id="pepsConnectorWithoutSignature" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask" async="true" />
+ <pd:Task id="pepsConnectorWithLocalSignature" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleLocalSignResponseTask" async="true" />
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="createStorkAuthRequestForm" />
+
+ <pd:Transition from="createStorkAuthRequestForm" to="pepsConnector" conditionExpression="ctx['C-PEPS:XMLSignatureSupported']" />
+ <pd:Transition from="createStorkAuthRequestForm" to="pepsConnectorWithoutSignature" />
+
+ <pd:Transition from="pepsConnector" to="pepsConnector" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+ <pd:Transition from="pepsConnector" to="end" />
+
+ <pd:Transition from="pepsConnectorWithoutSignature" to="pepsConnectorWithLocalSignature" />
+ <pd:Transition from="pepsConnectorWithLocalSignature" to="pepsConnectorWithoutSignature" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+ <pd:Transition from="pepsConnectorWithLocalSignature" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
|