aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java106
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java29
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties7
29 files changed, 332 insertions, 76 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d7083ec81..c99c88f5f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1826,11 +1826,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String destination = cpeps.getPepsURL().toExternalForm();
Logger.debug("C-PEPS URL: " + destination);
- String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
String providerName = oaParam.getFriendlyName();
- String issuerValue = HTTPUtils.getBaseURL(req);
Logger.debug("Issuer value: " + issuerValue);
// prepare collection of required attributes
@@ -1903,6 +1905,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest succesfully assembled.");
STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
+
+ if (samlEngine == null) {
+ Logger.error("Could not initalize STORK SAML engine.");
+ throw new MOAIDException("stork.00", null);
+
+ }
+
try {
authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
} catch (STORKSAMLEngineException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index db9bc588f..30ad0bdc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -272,7 +272,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
@@ -424,7 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
@@ -454,12 +454,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
- public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ public static String generateSpecialText(String inputtext, String issuer, String gebDat, String issueInstant) {
Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#BIRTHDAY#", gebDat);
text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
@@ -536,7 +537,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
if (MiscUtil.isEmpty(text))
text="";
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
- new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) });
//generate unique AuthBlock tokken
String uniquetokken = Random.nextRandom();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index b2c47fac0..762d9af2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -299,7 +299,7 @@ public class CreateXMLSignatureResponseValidator {
}
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
@@ -528,7 +528,7 @@ public class CreateXMLSignatureResponseValidator {
}
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
new file mode 100644
index 000000000..971222b67
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SLOInformationImpl implements SLOInformationInterface {
+
+
+ private String sessionIndex = null;
+ private String nameID = null;
+ private String protocolType = null;
+
+ public SLOInformationImpl(String sessionID, String nameID, String protocolType) {
+ this.sessionIndex = sessionID;
+ this.nameID = nameID;
+ this.protocolType = protocolType;
+
+ }
+
+
+ /**
+ *
+ */
+ public SLOInformationImpl() {
+
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
+ */
+ @Override
+ public String getSessionIndex() {
+ return sessionIndex;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
+ */
+ @Override
+ public String getUserNameIdentifier() {
+ return nameID;
+
+ }
+
+
+ /**
+ * @param sessionIndex the sessionIndex to set
+ */
+ public void setSessionIndex(String sessionIndex) {
+ this.sessionIndex = sessionIndex;
+ }
+
+
+ /**
+ * @param nameID the nameID to set
+ */
+ public void setUserNameIdentifier(String nameID) {
+ this.nameID = nameID;
+ }
+
+
+
+ /**
+ * @param protocolType the protocolType to set
+ */
+ public void setProtocolType(String protocolType) {
+ this.protocolType = protocolType;
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
+ */
+ @Override
+ public String getProtocolType() {
+ return protocolType;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
new file mode 100644
index 000000000..7290665e9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface SLOInformationInterface {
+
+
+ /**
+ * get AssertionID which was used for Service Provider Single LogOut request
+ *
+ * @return
+ * SessionID (SessionIndex in case of SAML2)
+ */
+ public String getSessionIndex();
+
+ /**
+ * get user identifier which was used
+ *
+ * @return
+ * bPK / wbPK (nameID in case of SAML2)
+ */
+ public String getUserNameIdentifier();
+
+
+ /**
+ * get protocol type which was used for authentication
+ *
+ * @return
+ * return authentication protocol type
+ */
+ public String getProtocolType();
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 480deb867..9fb2c7a69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
@@ -408,7 +409,7 @@ public class DispatcherServlet extends AuthServlet{
}
- String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
+ SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
RequestStorage.removePendingRequest(protocolRequestID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index 9a3d3986b..a2843d026 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -28,9 +28,10 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
public interface IAction extends MOAIDAuthConstants {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index b95c08044..6c2f3e75a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -22,9 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.monitoring;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.InputStream;
+import java.net.URL;
import java.util.List;
import org.w3c.dom.Element;
@@ -49,8 +48,9 @@ public class IdentityLinkTestModule implements TestModuleInterface {
public void initializeTest(long delayParam, String url) throws Exception{
if (MiscUtil.isNotEmpty(url)) {
- File idlfile = new File(url);
- InputStream idlstream = new FileInputStream(idlfile);
+
+ URL keystoreURL = new URL(url);
+ InputStream idlstream = keystoreURL.openStream();
identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index ccfa6d5d1..84581abe8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -30,6 +30,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
public class TestManager {
@@ -54,7 +55,7 @@ public class TestManager {
//add IdentityLink verification test
IdentityLinkTestModule test2 = new IdentityLinkTestModule();
- String idlurl = config.getMonitoringTestIdentityLinkURL();
+ String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
try {
test2.initializeTest(0, idlurl);
tests.put(test2.getName(), test2);;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 8d45a5d86..93a2f7d6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -26,6 +26,7 @@ import java.util.Properties;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.util.FileUtils;
public class OAuth20Configuration {
@@ -44,10 +45,12 @@ public class OAuth20Configuration {
public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password";
private Properties props;
+ private String rootDir = null;
private OAuth20Configuration() {
try {
props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig();
+ rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
}
catch (ConfigurationException e) {
e.printStackTrace();
@@ -55,7 +58,7 @@ public class OAuth20Configuration {
}
public String getJWTKeyStore() {
- return props.getProperty(JWT_KEYSTORE);
+ return FileUtils.makeAbsoluteURL(props.getProperty(JWT_KEYSTORE), rootDir);
}
public String getJWTKeyStorePassword() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index d60b8c230..3cc12ff98 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -37,6 +37,8 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
@@ -57,7 +59,7 @@ import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
AuthenticationSession moasession) throws MOAIDException {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
@@ -100,7 +102,11 @@ class OAuth20AuthAction implements IAction {
httpResp.addHeader("Location", finalUrl);
Logger.debug("REDIRECT TO: " + finalUrl.toString());
- return accessToken;
+
+ //TODO: maybe add bPK / wbPK to SLO information
+ SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, req.requestedModule());
+
+ return sloInformation;
}
catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 3f6c148eb..be320271a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
@@ -42,7 +43,7 @@ import com.google.gson.JsonObject;
class OAuth20TokenAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
AuthenticationSession moasession) throws MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 10618071a..1221e7234 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -27,17 +27,24 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq,
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+ SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+
+ //set protocol type
+ sloInformation.setProtocolType(req.requestedModule());
+
+ return sloInformation;
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 99cba3277..a29728245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -57,6 +57,7 @@ import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -69,7 +70,7 @@ public class MetadataAction implements IAction {
private static final int VALIDUNTIL_IN_HOURS = 24;
- public String processRequest(IRequest req, HttpServletRequest httpReq,
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 9def5d22c..def0d9b80 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -53,7 +53,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.w3c.dom.Element;
-import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
@@ -66,12 +65,10 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
@@ -86,7 +83,8 @@ import at.gv.egovernment.moa.util.Constants;
public class PVP2AssertionBuilder implements PVPConstants {
public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService)
+ AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date,
+ AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
@@ -158,10 +156,10 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnStatement authnStatement = SAML2Utils
.createSAMLObject(AuthnStatement.class);
- String remoteSessionID = SAML2Utils.getSecureIdentifier();
+
+ String sessionIndex = SAML2Utils.getSecureIdentifier();
authnStatement.setAuthnInstant(date);
- // currently dummy id ...
- authnStatement.setSessionIndex(remoteSessionID);
+ authnStatement.setSessionIndex(sessionIndex);
authnStatement.setAuthnContext(authnContext);
assertion.getAuthnStatements().add(authnStatement);
@@ -338,7 +336,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
subject.setNameID(subjectNameID);
-
+
SubjectConfirmation subjectConfirmation = SAML2Utils
.createSAMLObject(SubjectConfirmation.class);
subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
@@ -378,6 +376,10 @@ public class PVP2AssertionBuilder implements PVPConstants {
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(date);
+ //set SLO information
+ sloInformation.setUserNameIdentifier(subjectNameID.getValue());
+ sloInformation.setSessionIndex(sessionIndex);
+
return assertion;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index ebfffb648..9f2ad2e1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -55,6 +55,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class PVPConfiguration {
@@ -112,12 +113,14 @@ public class PVPConfiguration {
//PVP2 generalpvpconfigdb;
Properties props;
+ String rootDir = null;
private PVPConfiguration() {
try {
//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig();
-
+ rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
@@ -147,7 +150,7 @@ public class PVPConfiguration {
}
public String getIDPKeyStoreFilename() {
- return props.getProperty(IDP_JAVAKEYSTORE);
+ return FileUtils.makeAbsoluteURL(props.getProperty(IDP_JAVAKEYSTORE), rootDir);
}
public String getIDPKeyStorePassword() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 6d9022bd9..f2e3e7cb1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -124,6 +124,7 @@ public class MOAMetadataProvider implements MetadataProvider {
.getAllActiveOnlineApplications();
//set Timestamp
+ Date oldTimeStamp = timestamp;
timestamp = new Date();
Iterator<OnlineApplication> oaIt = oaList.iterator();
@@ -138,7 +139,16 @@ public class MOAMetadataProvider implements MetadataProvider {
String metadataurl = pvp2Config.getMetadataURL();
if (loadedproviders.containsKey(metadataurl)) {
- //PVP2 OA is actually loaded, to nothing
+
+ if (pvp2Config.getUpdateRequiredItem() != null &&
+ pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) {
+ //PVP2 OA is actually loaded, but update is requested
+ Logger.info("Reload metadata for: " + oa.getFriendlyName());
+ loadedproviders.get(metadataurl).refresh();
+
+ }
+
+ // PVP2 OA is actually loaded, to nothing
providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index 04ef4cdbf..f5fc01b2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -32,6 +32,7 @@ import org.opensaml.saml2.core.ArtifactResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
@@ -45,7 +46,7 @@ public class ArtifactResolution implements IRequestHandler {
return (obj.getSamlRequest() instanceof ArtifactResolve);
}
- public String process(MOARequest obj, HttpServletRequest req,
+ public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index fd7ff9885..0e4cd679b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -59,6 +59,8 @@ import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
@@ -80,7 +82,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
return (obj.getSamlRequest() instanceof AuthnRequest);
}
- public String process(MOARequest obj, HttpServletRequest req,
+ public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
@@ -113,8 +115,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
DateTime date = new DateTime();
+ SLOInformationImpl sloInformation = new SLOInformationImpl();
+
//build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService);
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession,
+ peerEntity, date, consumerService, sloInformation);
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
@@ -226,8 +231,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
// Logger logger = new Logger();
// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse)));
-
- return assertion.getID();
+
+ return sloInformation;
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 92a47adb3..6c4f460f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -27,11 +27,12 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public interface IRequestHandler {
public boolean handleObject(MOARequest obj);
- public String process(MOARequest obj, HttpServletRequest req,
+ public SLOInformationInterface process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a4f43a97a..264802f09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
@@ -53,7 +54,7 @@ public class RequestManager {
handler.add(new ArtifactResolution());
}
- public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ public SLOInformationInterface handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c337433b6..587ca04e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -37,6 +37,8 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -46,7 +48,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
- public String processRequest(IRequest req, HttpServletRequest httpReq,
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
String oaURL = (String) req.getOAURL();
@@ -122,7 +124,10 @@ public class GetArtifactAction implements IAction {
Logger.debug("REDIRECT TO: " + redirectURL);
}
- return authData.getAssertionID();
+ SLOInformationInterface sloInformation =
+ new SLOInformationImpl(authData.getAssertionID(), null, req.requestedModule());
+
+ return sloInformation;
} catch (Exception ex) {
Logger.error("SAML1 Assertion build error", ex);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 0f5e9ee68..f622f4b94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -152,15 +152,16 @@ public class GetAuthenticationDataService implements Constants {
try {
Throwable error = saml1server.getErrorResponse(samlArtifact);
- statusCode = "samlp:Responder";
- subStatusCode = "samlp:RequestDenied";
+ statusCode = "samlp:RequestDenied";
if (error instanceof MOAIDException) {
- statusMessageCode = ((MOAIDException)error).getMessageId();
+ statusMessageCode = ((MOAIDException)error).getMessageId();
+ subStatusCode = statusMessageCode;
statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
} else {
- statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
+ subStatusCode = "9999";
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index fe5a96c18..68a891fcd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.protocols.stork2;
-import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
@@ -10,17 +9,16 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.*;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
+
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
@@ -44,7 +42,7 @@ public class AttributeCollector implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -131,7 +129,14 @@ public class AttributeCollector implements IAction {
addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes);
// see if we need some more attributes
- return processRequest(container, httpReq, httpResp, moasession, oaParam);
+ SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, moasession, oaParam);
+
+ if (sloInfo == null) {
+ sloInfo = new SLOInformationImpl(null, null, req.requestedModule());
+ }
+
+ return sloInfo;
+
}
/**
@@ -142,7 +147,7 @@ public class AttributeCollector implements IAction {
* @return the string
* @throws MOAIDException
*/
- public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
+ public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException {
// check if there are attributes we need to fetch
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
@@ -202,7 +207,7 @@ public class AttributeCollector implements IAction {
else
new ConsentEvaluator().generateSTORKResponse(response, container);
- return "12345"; // AssertionId
+ return null; // AssertionId
// TODO
} catch (ExternalAttributeRequestRequiredException e) {
@@ -230,7 +235,8 @@ public class AttributeCollector implements IAction {
throw new MOAIDException("stork.11", null);
}
- return "12345"; // TODO what to do here?
+ //TODO: in case of Single LogOut -> SLO information has to be stored
+ return null; // TODO what to do here?
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 51ec1fff3..110ef327f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -6,6 +6,8 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -45,7 +47,7 @@ public class AuthenticationRequest implements IAction {
private MOASTORKRequest moaStorkRequest = null;
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
this.moaSession = moasession;
@@ -125,7 +127,7 @@ public class AuthenticationRequest implements IAction {
/*
Handles STORKAuthnRequeste received for citizens of other countries
*/
- private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+ private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest();
STORKAuthnRequest storkAuthnRequest = null;
@@ -140,7 +142,7 @@ public class AuthenticationRequest implements IAction {
throw new MOAIDException("stork.05", null); // TODO
}
-
+ //TODO: in case of Single LogOut -> SLO information has to be stored
// check if citizen country is configured in the system
if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) {
Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode);
@@ -205,15 +207,18 @@ public class AuthenticationRequest implements IAction {
e.printStackTrace();
}
- // preparing redirection for the client
+ // preparing redirection for the client
performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp);
- return "xxxx";// TODO
+
+ SLOInformationImpl sloInfo = new SLOInformationImpl();
+ sloInfo.setProtocolType(moastorkRequest.requestedModule());
+ return sloInfo;
}
/*
Handles STORKAuthnResponse received from PEPS (return to SP)
*/
- private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
+ private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException {
STORKAuthnResponse authnResponse = null;
@@ -257,7 +262,8 @@ public class AuthenticationRequest implements IAction {
// preparing redirection for the client
performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp);
- return "yyyyy"; // TODO
+
+ return null;
}
/*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 9a3376e4c..a08872029 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -8,6 +8,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -40,7 +41,7 @@ public class ConsentEvaluator implements IAction {
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession)
*/
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
// - fetch the container
String artifactId = (String) httpReq.getParameter(ARTIFACT_ID);
@@ -64,7 +65,7 @@ public class ConsentEvaluator implements IAction {
// build and send response
generateSTORKResponse(httpResp, container);
- return "12345"; // AssertionId
+ return null; // AssertionId
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 662baa3c9..0d0391e3c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,7 +40,7 @@ public class MandateRetrievalRequest implements IAction {
private AuthenticationSession moaSession;
private MOASTORKRequest moaStorkRequest;
- public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
Logger.debug("Entering AttributeRequest for MandateProvider");
httpResp.reset();
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index e6efa0256..27f219452 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
@@ -221,7 +222,7 @@ public class AuthenticationSessionStoreage {
}
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- String assertionID, String OAUrl) throws AuthenticationException {
+ SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
Transaction tx = null;
@@ -251,13 +252,31 @@ public class AuthenticationSessionStoreage {
}
dbsession = (AuthenticatedSessionStore) result.get(0);
-
+
+ OASessionStore activeOA = null;
+ //check if OA already has an active OA session
+ if (dbsession.getActiveOAsessions() != null) {
+ for (OASessionStore el : dbsession.getActiveOAsessions()) {
+ if (el.getOaurlprefix().equals(OAUrl))
+ activeOA = el;
+ }
+ }
+
+ if (activeOA == null)
+ activeOA = new OASessionStore();
+
//set active OA applications
- OASessionStore activeOA = new OASessionStore();
activeOA.setOaurlprefix(OAUrl);
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
- activeOA.setAssertionSessionID(assertionID);
+
+ //set additional information for SLO
+ if (SLOInfo != null) {
+ activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
+ activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
+ activeOA.setProtocolType(SLOInfo.getProtocolType());
+
+ }
List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
activeOAs.add(activeOA);
@@ -286,7 +305,7 @@ public class AuthenticationSessionStoreage {
tx.commit();
Logger.debug("Add SSO-Session login information for OA: " + OAUrl
- + " and AssertionID: " + assertionID);
+ + " and AssertionID: " + SLOInfo.getSessionIndex());
}
} catch (MOADatabaseException e) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 3cd8ee24a..55b6e8b32 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -129,7 +129,7 @@ validator.08=Das Manifest ist ung\u00FCltig
validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
validator.10=Anzahl der URLs zur Authentisierungskomponente ung\u00FCltig {0}
-validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.11="Gesch\\u00E4ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
validator.12=Der Namespace des SAML-Attributs "Gesch\\u00E4ftsbereich" ist ung\u00FCltig {0}
validator.13=Das Target des 'Gesch\u00E4ftsbereichs' ist ung\u00FCltig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
@@ -137,7 +137,6 @@ validator.15=Der Namespace des SAML-Attributs "OA" ist ung\u00FCltig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung\u00FCltig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul\u00E4ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth?lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
validator.19=Das verwendete Zertifikat zum Signieren ist ung\u00FCltig.<br>{0}
@@ -212,7 +211,7 @@ stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin
stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen
stork.15=Unbekannte request.
stork.16=Ein Attribute aus zwei verschiedenen Quellen unterscheidet sich\: {0}
-stork.17=Fehler beim Einholen der Zustimmung für Attribut\u00FCbertragung durch den Benutzer
+stork.17=Fehler beim Einholen der Zustimmung f\uFFFDr Attribut\u00FCbertragung durch den Benutzer
stork.18=STORK-SAML Engine konnte nicht initialisiert werden.
pvp2.00={0} ist kein gueltiger consumer service index
@@ -241,5 +240,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
oauth20.05=Der angegebene Benutzer ist nicht berechtigt
oauth20.06=Die angegebene OA kann nicht verwendet werden
oauth20.07=Angeforderter grant_type ist nicht erlaubt
-oauth20.08=Nicht berechtigt f�r Token-Request
+oauth20.08=Nicht berechtigt f\u00FCr Token-Request
oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"