aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java129
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java66
9 files changed, 294 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index afe0bd1d6..57c14b15e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1945,6 +1945,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} else {
session.setAuthData(authData);
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ session.setXMLVerifySignatureResponse(vsresp);
String newMOASessionID = AuthenticationSessionStore.changeSessionID(session);
Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
@@ -2145,6 +2149,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setAuthData(authData);
session.setMandateData(mandateData);
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
String newMOASessionID = AuthenticationSessionStore.changeSessionID(session);
Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
@@ -2309,6 +2315,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
useUTC, true);
session.setAuthData(authData);
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+ session.setXMLVerifySignatureResponse(vsresp);
String newMOASessionID = AuthenticationSessionStore.changeSessionID(session);
Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 6a69a8002..3e909ecd4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -272,6 +272,10 @@ public class AuthenticationSession {
public boolean isAuthenticated() {
return authenticated;
}
+
+ public void setAuthenticated(boolean authenticated) {
+ this.authenticated = authenticated;
+ }
public String getRequestedProtocolURL() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 5ff5b6f63..029aeadc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -32,6 +32,7 @@ import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.swing.text.StyleContext.SmallAttributeSet;
import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.saml2.metadata.RequestedAttribute;
@@ -46,6 +47,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -108,6 +110,7 @@ public class StartAuthenticationServlet extends AuthServlet {
String action = req.getParameter(PARAM_ACTION);
// escape parameter strings
+ //TODO: use URLEncoder.encode!!
target = StringEscapeUtils.escapeHtml(target);
sourceID = StringEscapeUtils.escapeHtml(sourceID);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
@@ -139,7 +142,13 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
index ae0717a6d..38b876e76 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
@@ -12,7 +12,10 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.ITargetConfiguration;
@@ -22,7 +25,7 @@ import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
-public class AuthDispatcherServlet extends HttpServlet {
+public class AuthDispatcherServlet extends AuthServlet {
/**
*
@@ -135,9 +138,9 @@ public class AuthDispatcherServlet extends HttpServlet {
try {
Object pathObject = req.getParameter(PARAM_TARGET_PATH);
String path = null;
-
+
HttpSession session = req.getSession();
-
+
if (pathObject != null && (pathObject instanceof String)) {
path = (String) pathObject;
}
@@ -170,10 +173,10 @@ public class AuthDispatcherServlet extends HttpServlet {
ITargetConfiguration configuration = info.preProcess(req, resp);
if (!AuthenticationManager.isAuthenticated(req, resp)) {
-
+
session.setAttribute(PARAM_TARGET_PATH, path);
session.setAttribute(PARAM_TARGET_PROTOCOL, protocol);
-
+
AuthenticationManager.doAuthentication(req, resp,
configuration);
return;
@@ -190,6 +193,8 @@ public class AuthDispatcherServlet extends HttpServlet {
Logger.info("Forwarding to Servlet: " + forward);
getServletContext().getNamedDispatcher(forward)
.forward(req, resp);
+ // TODO: disabled SSO
+ AuthenticationManager.logout(req, resp);
return;
} catch (Throwable e) {
e.printStackTrace();
@@ -198,6 +203,10 @@ public class AuthDispatcherServlet extends HttpServlet {
}
}
resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ } catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ } catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
} catch (Throwable e) {
e.printStackTrace();
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index eeb16fcf9..302031fe3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -8,70 +8,133 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationManager implements MOAIDAuthConstants {
-
+
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
-
- public static AuthenticationSession getAuthenticationSession(HttpSession session) {
- String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
- if(sessionID != null) {
+
+ public static AuthenticationSession getAuthenticationSession(
+ HttpSession session) {
+ String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
+ MOA_SESSION, null);
+ if (sessionID != null) {
return AuthenticationSessionStore.getSession(sessionID);
}
return null;
}
-
+
/**
- * Checks if the session is authenticated
+ * Checks if the session is authenticated
+ *
* @param request
* @param response
* @return
*/
- public static boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) {
+ public static boolean isAuthenticated(HttpServletRequest request,
+ HttpServletResponse response) {
Logger.info("Checking authentication");
-
+
HttpSession session = request.getSession();
-
- String sessionID = (String)request.getAttribute(PARAM_SESSIONID);
- if(sessionID != null) {
- AuthenticationSession authSession = AuthenticationSessionStore.getSession(sessionID);
- if(authSession != null) {
- if(authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) {
+
+ String sessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if (sessionID != null) {
+ Logger.info("got MOASession: " + sessionID);
+ AuthenticationSession authSession = AuthenticationSessionStore
+ .getSession(sessionID);
+ //AuthenticationSessionStore.dumpSessionStore();
+ if (authSession != null) {
+ Logger.info("MOASession found! A: "
+ + authSession.isAuthenticated() + ", AU "
+ + authSession.isAuthenticatedUsed());
+ if (authSession.isAuthenticated()
+ && !authSession.isAuthenticatedUsed()) {
session.invalidate();
session = request.getSession();
- HTTPSessionUtils.setHTTPSessionBoolean(session, MOA_AUTHENTICATED, true);
+ // HTTPSessionUtils.setHTTPSessionBoolean(session,
+ // MOA_AUTHENTICATED, true);
authSession.setAuthenticatedUsed(true);
- HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID);
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
+ sessionID);
}
+ return authSession.isAuthenticated();
}
}
-
- return HTTPSessionUtils.getHTTPSessionBoolean(session, MOA_AUTHENTICATED, false);
+
+ return false;
}
-
- public static void doAuthentication(HttpServletRequest request, HttpServletResponse response,
- ITargetConfiguration target)
- throws ServletException, IOException {
+
+ public static void logout(HttpServletRequest request,
+ HttpServletResponse response) {
+ Logger.info("Logout");
+
HttpSession session = request.getSession();
- Logger.info("Starting authentication ...");
- String modul = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH);
- String protocol = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL);
- String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), modul, protocol);
+ String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(loginForm);
- out.flush();
- return;
+ if(moaSessionID == null) {
+ moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ }
+
+ if(moaSessionID == null) {
+ Logger.info("NO MOA Session to logout");
+ return;
+ }
+
+ AuthenticationSession authSession = AuthenticationSessionStore
+ .getSession(moaSessionID);
+
+ if(authSession == null) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ authSession.setAuthenticated(false);
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+ AuthenticationSessionStore.destroySession(moaSessionID);
+ session.invalidate();
+ }
+
+ public static void doAuthentication(HttpServletRequest request,
+ HttpServletResponse response, ITargetConfiguration target)
+ throws ServletException, IOException, MOAIDException {
+ HttpSession session = request.getSession();
+ Logger.info("Starting authentication ...");
+ String modul = (String) session
+ .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH);
+ String protocol = (String) session
+ .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL);
+
+ if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ if (target.getOAURL() == null) {
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+ }
+
// TODO: Build authentication form
- //session.getServletContext().getNamedDispatcher("StartAuthenticationServlet").forward(request, response);
+
+ /*
+ * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(),
+ * modul, protocol);
+ *
+ * response.setContentType("text/html;charset=UTF-8"); PrintWriter out =
+ * new PrintWriter(response.getOutputStream()); out.print(loginForm);
+ * out.flush(); return;
+ */
+
+ session.getServletContext().getNamedDispatcher("StartAuthentication")
+ .forward(request, response);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
index 3096341e0..e54bba10d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
@@ -32,6 +32,14 @@ public class AuthenticationSessionStore {
return session;
}
+ public static void destroySession(String moaSessionID) {
+ synchronized (sessionStore) {
+ if (sessionStore.containsKey(moaSessionID)) {
+ sessionStore.remove(moaSessionID);
+ }
+ }
+ }
+
public static void dumpSessionStore() {
synchronized (sessionStore) {
Set<String> keys = sessionStore.keySet();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java
new file mode 100644
index 000000000..bcc4111af
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+
+public class DoAuthentication extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ protected void process(HttpServletRequest req, HttpServletResponse resp) {
+
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ process(req, resp);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ process(req, resp);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
new file mode 100644
index 000000000..57485f7a2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -0,0 +1,79 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.ITargetConfiguration;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.moduls.TargetConfigurationImpl;
+import at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = PVP2XProtocol.class.getName();
+ public static final String PATH = "id_pvp2x";
+
+ public static final String GETARTIFACT = "GetArtifact";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ static {
+ servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,
+ ServletType.AUTH));
+
+ instance = new PVP2XProtocol();
+ }
+
+ private static PVP2XProtocol instance = null;
+
+ public static PVP2XProtocol getInstance() {
+ if (instance == null) {
+ instance = new PVP2XProtocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public ITargetConfiguration preProcess(HttpServletRequest request,
+ HttpServletResponse response) throws MOAIDException {
+ TargetConfigurationImpl config = new TargetConfigurationImpl();
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+ config.setOAURL(oaURL);
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+ return config;
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 4dc4a2b35..54bea4bb4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -21,6 +21,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactServlet extends AuthServlet {
@@ -54,45 +56,59 @@ public class GetArtifactServlet extends AuthServlet {
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
+ if (oaURL == null) {
+ oaURL = session.getOAURLRequested();
+ }
+
+ if (oaURL == null) {
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+ }
+
String samlArtifactBase64 = SAML1AuthenticationServer
.BuildSAMLArtifact(session);
+ String redirectURL = oaURL;
+ session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
+ URLEncoder.encode(session.getTarget(), "UTF-8"));
+
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+ URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ // CONFIRMATION FOR SSO!
/*
- * String redirectURL = oaURL;//session.getOAURLRequested(); if
- * (!session.getBusinessService()) { redirectURL =
- * addURLParameter(redirectURL, PARAM_TARGET,
- * URLEncoder.encode(session.getTarget(), "UTF-8"));
+ * OAAuthParameter oaParam =
+ * AuthConfigurationProvider.getInstance().
+ * getOnlineApplicationParameter(oaURL);
*
- * } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
- * URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL =
- * resp.encodeRedirectURL(redirectURL);
+ * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
+ * == null) { friendlyName = oaURL; }
*
- * resp.setContentType("text/html"); resp.setStatus(302);
*
- * resp.addHeader("Location", redirectURL);
- * Logger.debug("REDIRECT TO: " + redirectURL);
+ * LoginConfirmationBuilder builder = new
+ * LoginConfirmationBuilder();
+ * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
+ * String form = builder.finish(oaURL, session.getIdentityLink()
+ * .getName(), friendlyName);
*/
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
-
- String friendlyName = oaParam.getFriendlyName();
- if(friendlyName == null) {
- friendlyName = oaURL;
- }
-
- LoginConfirmationBuilder builder = new LoginConfirmationBuilder();
- builder.addParameter(PARAM_SAMLARTIFACT,
- samlArtifactBase64);
- String form = builder.finish(oaURL, session.getIdentityLink()
- .getName(), friendlyName);
-
+ /*
resp.setContentType("text/html");
OutputStream out = resp.getOutputStream();
out.write(form.getBytes("UTF-8"));
out.flush();
- out.close();
+ out.close();*/
} catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);