aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java12
3 files changed, 21 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c22f6d25f..c337433b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -52,6 +52,13 @@ public class GetArtifactAction implements IAction {
String oaURL = (String) req.getOAURL();
String target = (String) req.getTarget();
+ String sourceID = null;
+ if (req instanceof SAML1RequestImpl) {
+ SAML1RequestImpl saml1req = (SAML1RequestImpl) req;
+ sourceID = saml1req.getSourceID();
+
+ }
+
try {
@@ -84,7 +91,7 @@ public class GetArtifactAction implements IAction {
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
- String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
+ String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID);
if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
String url = "RedirectServlet";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 7c91026bf..6391860ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -165,7 +165,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
public String BuildSAMLArtifact(AuthenticationSession session,
OAAuthParameter oaParam,
- AuthenticationData authData)
+ AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
//Load SAML1 Parameter from OA config
@@ -326,7 +326,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String samlArtifact = new SAMLArtifactBuilder().build(
session.getAuthURL(), Random.nextRandom(),
- saml1parameter.getSourceID());
+ sourceID);
storeAuthenticationData(samlArtifact, authData);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index ada0bfa8f..b6a2ac0b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -82,7 +82,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public IRequest preProcess(HttpServletRequest request,
HttpServletResponse response, String action) throws MOAIDException {
- RequestImpl config = new RequestImpl();
+ SAML1RequestImpl config = new SAML1RequestImpl();
if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
@@ -96,6 +96,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
String target = (String) request.getParameter(PARAM_TARGET);
target = StringEscapeUtils.escapeHtml(target);
+ String sourceID = request.getParameter(PARAM_SOURCEID);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+
//the target parameter is used to define the OA in SAML1 standard
if (target != null && target.startsWith("http")) {
oaURL = target;
@@ -112,10 +115,15 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA,
"auth.12");
+
config.setOAURL(oaURL);
Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+
+
//load Target only from OA config
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(oaURL);
@@ -131,6 +139,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
new Object[] { oaURL });
}
+ config.setSourceID(sourceID);
+
config.setTarget(oaParam.getTarget());
// request.getSession().setAttribute(PARAM_OA, oaURL);