Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/pom.xml4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties6
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties2
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java2
14 files changed, 112 insertions, 88 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9b9b13d8b..0e8b996ba 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -319,8 +319,8 @@
<artifactId>eaaf-core</artifactId>
<type>test-jar</type>
<classifier>tests</classifier>
- <version>1.0.0-snapshot</version>
- <scope>test</scope>
+ <version>1.0.0</version>
+ <scope>test</scope>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e92c3377a..f642cddc7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -61,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -142,12 +142,15 @@ public class StatisticLogger implements IStatisticLogger{
IMOAAuthData moaAuthData = (IMOAAuthData) authData;
dblog.setOatarget(moaAuthData.getBPKType());
- boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
+ boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
dblog.setInterfederatedSSOSession(isFederatedAuthentication);
if (isFederatedAuthentication) {
dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
- dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+ dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+
+ } else if (moaAuthData.isForeigner()) {
+ dblog.setBkutype(IOAAuthParameters.EIDAS);
} else {
dblog.setBkuurl(moaAuthData.getBkuURL());
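Review bot: The new `else if (moaAuthData.isForeigner())` branch records only the BKU type (`IOAAuthParameters.EIDAS`) while both sibling branches also call `dblog.setBkuurl(...)`, so eIDAS logins will have an empty bkuurl column in the statistics table. If that is intended because an eIDAS authentication has no BKU endpoint, a one-line comment such as `// eIDAS authentication has no BKU URL; only the type is recorded` would stop the next reader from treating it as an omission. The enclosing method continues outside the hunk, so any later assignment of bkuurl is not visible here.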
@@ -299,7 +302,8 @@ public class StatisticLogger implements IStatisticLogger{
} else {
Logger.debug("Use MOA session information from pending-req for ErrorLogging");
- moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage());
+ moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class);
+
}
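Review bot: `errorRequest.getSessionData(AuthenticationSessionWrapper.class)` replaces an unconditional `new AuthenticationSessionWrapper(...)`, so moasession can now be null if getSessionData returns null for a request that carries no session data; the previous constructor call always produced an object. The contract of getSessionData lives in eaaf-core and is not visible in this diff, so this may be fine, but the same pattern is introduced without a null check in AuthenticationDataBuilder.buildAuthenticationData, UserRestrictionTask (which dereferences the result immediately with `moasession.getIdentityLink()`) and DBAuthenticationSessionStoreage. If a null return is possible, guard it once at each call site or document that getSessionData never returns null for this class.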
@@ -393,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{
private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
- if (dbOA != null) {
- if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
- return IOAAuthParameters.HANDYBKU;
-
- if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
- return IOAAuthParameters.LOCALBKU;
-
- if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
- return IOAAuthParameters.THIRDBKU;
- }
-
- Logger.trace("Staticic Log search BKUType from DefaultBKUs");
-
- try {
- if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
- return IOAAuthParameters.THIRDBKU;
+ if (bkuURL != null) {
+ if (dbOA != null) {
+ if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
+ return IOAAuthParameters.HANDYBKU;
+
+ if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
+ return IOAAuthParameters.LOCALBKU;
+
+ if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
+ return IOAAuthParameters.THIRDBKU;
+ }
+
+ Logger.trace("Staticic Log search BKUType from DefaultBKUs");
- if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+ try {
+ if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
+ return IOAAuthParameters.THIRDBKU;
+
+ if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+ return IOAAuthParameters.LOCALBKU;
+
+ if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+ return IOAAuthParameters.HANDYBKU;
+
+ } catch (ConfigurationException e) {
+ Logger.info("Advanced Logging: Default BKUs read failed");
+ }
+
+ Logger.debug("Staticic Log search BKUType from generneric Parameters");
+
+ if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
return IOAAuthParameters.LOCALBKU;
+ }
- if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+ if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
return IOAAuthParameters.HANDYBKU;
-
- } catch (ConfigurationException e) {
- Logger.info("Advanced Logging: Default BKUs read failed");
- }
-
- Logger.debug("Staticic Log search BKUType from generneric Parameters");
-
- if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
- return IOAAuthParameters.LOCALBKU;
+ }
}
- if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
- Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
- return IOAAuthParameters.HANDYBKU;
- }
-
Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS);
return IOAAuthParameters.AUTHTYPE_OTHERS;
}
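Review bot: findBKUType now wraps its whole lookup in `if (bkuURL != null)`, which re-indents every existing branch and pushes the method's real logic one level deeper; an early return at the top preserves the behaviour (the null case falls through to the final debug line and AUTHTYPE_OTHERS) with a far smaller diff: `if (bkuURL == null) { Logger.debug("BKUURL null is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); return IOAAuthParameters.AUTHTYPE_OTHERS; }`. Since the trace and debug strings are being moved anyway, the misspellings "Staticic" and "generneric" in them could be corrected in the same change.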
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a13455972..2c14af463 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
try {
return buildAuthenticationData(pendingReq,
- new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+ pendingReq.getSessionData(AuthenticationSessionWrapper.class),
pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
Logger.warn("Can not build authentication data from session information");
- throw new EAAFAuthenticationException("TODO", new Object[]{}, e);
+ throw new EAAFAuthenticationException("builder.11", new Object[]{}, e);
}
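Review bot: The warn log in the catch block does not include the caught exception, so the log line says only that building failed while the actual cause (which of the five exception types, and its message) is visible only if whoever catches the new EAAFAuthenticationException logs its cause. Passing it through, `Logger.warn("Can not build authentication data from session information", e);`, keeps the diagnosis at the point of failure; the other Logger.warn call in this diff (AuthenticationSession.getSignerCertificate) already follows that pattern. The replacement of the "TODO" key with "builder.11" is a good fix and the key is added to both properties files.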
@@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
if (oaParam.isSTORKPVPGateway())
oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
- Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
+ Boolean isMinimalFrontChannelResp = pendingReq.getRawData(
MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
//only set minimal response attributes
authdata.setQAALevel(
- pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+ pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
authdata.setBPK(
- pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
+ pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
} else {
//build AuthenticationData from MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index a43e6a7fb..399ecc022 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
String sectorName = null;
- String saml1Target = pendingReq.getGenericData(
+ String saml1Target = pendingReq.getRawData(
MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
if (MiscUtil.isNotEmpty(saml1Target)) {
target = saml1Target;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 926bfe242..cadaec2a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -45,6 +45,7 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import org.apache.commons.collections4.map.HashedMap;
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
*/
@Override
public X509Certificate getSignerCertificate() {
- try {
- return new X509Certificate(signerCertificate);
- }
- catch (CertificateException e) {
- Logger.warn("Signer certificate can not be loaded from session database!", e);
- return null;
+ if (signerCertificate != null && signerCertificate.length > 0) {
+ try {
+ return new X509Certificate(signerCertificate);
+ }
+ catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+
+ }
}
+
+ return null;
}
/* (non-Javadoc)
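Review bot: getSignerCertificate now returns null in two situations, no certificate bytes stored and bytes that fail to parse, but the Javadoc ending just above the @Override is not updated to say so. Add `@return the signer certificate, or {@code null} if none is stored or the stored bytes cannot be parsed` so callers know a null check is required. The empty-bytes branch is silent while the parse failure is logged at warn; a trace line in the silent branch would let the two cases be told apart in logs.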
@@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
result.put(VALUE_SIGNER_CERT, getSignerCertificate());
result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
- result.putAll(genericSessionDataStorate);
-
+ for (Entry<String, Object> el : genericSessionDataStorate.entrySet())
+ result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
+
return Collections.unmodifiableMap(result);
}
}
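Review bot: Generic session entries are now exported as `GENERIC_PREFIX + el.getKey()` instead of under their bare key, which changes the key space that every setRawDataToTransaction caller in this diff (SSOManager, EvaluateSSOConsentsTaskImpl, AuthenticationDataBuilderTest) pushes into the pending request. Whatever reads those entries back, presumably AuthenticationSessionWrapper, which is not part of this diff, must strip the same prefix, and the DummyAuthSession used by the test must apply it, otherwise generic data silently disappears after an SSO hand-over; please confirm both. A short comment on the loop, `// generic entries are namespaced so they cannot collide with the fixed VALUE_* keys`, would record the reason if that is the intent, and the unbraced for body is worth bracing to match the rest of the file.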
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index b976cba9e..375b144d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
//defaultTaskInitialization(request, executionContext);
//check SSO session cookie and MOASession object
- String ssoId = ssoManager.getSSOSessionID(request);
- boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-
- //load MOA SSO-session from database
- AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
-
- if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
+ String ssoId = ssoManager.getSSOSessionID(request);
+ if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) {
Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
throw new AuthenticationException("auth.30", null);
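Review bot: The rewritten condition drops the `ssoMOSSession.isAuthenticated()` check, so the consent evaluator now relies on `ssoManager.isValidSSOSession(ssoId, pendingReq)` alone to establish that the stored SSO session is an authenticated one. The companion change in DBAuthenticationSessionStoreage (`dbsession.setAuthenticated(true)` where the SSO session id is set) suggests the flag is now guaranteed at creation time, but neither isValidSSOSession nor the conditions around that setter are visible in this diff. If isValidSSOSession does not itself read the stored authenticated state, keep the check where the session is loaded in the consent branch, `if (!ssoMOSSession.isAuthenticated()) throw new AuthenticationException("auth.30", null);`, so an SSO session record that was stored without completing authentication cannot be replayed into a new pending request. The enclosing method starts outside the hunk.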
@@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
//user allow single sign-on authentication
if (ssoConsents) {
-
+ //load MOA SSO-session from database
+ AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+
//Populate this pending request with SSO session information
- pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+ pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
//authenticate pending-request
pendingReq.setAuthenticated(true);
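Review bot: ssoMOSSession is loaded from the database and dereferenced immediately; the old code also dereferenced it unguarded, but now the load happens only inside the consent branch, which is the natural place for a null check such as `if (ssoMOSSession == null) throw new AuthenticationException("auth.30", null);` before the session data is copied. The statement `pendingReq.setRawDataToTransaction(...);;` carries a stray second semicolon left over from the old line; it is harmless but should be `pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());`.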
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 7d9a2c28c..acaf21682 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));
if (restrictedSPs.contains(spEntityId)) {
Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");
- AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+ AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
//check if user idl is already loaded
if (moasession.getIdentityLink() == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 0e1e1bf12..ead80b117 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
resultTargetFriendlyName = targetFriendlyNameConfig;
//set info's into request-context. (It's required to support SAML1 requested target parameters)
- protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
- protocolReq.setGenericDataToSession(
+ protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
+ protocolReq.setRawDataToTransaction(
MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName);
} else {
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- protocolReq.setGenericDataToSession(
+ protocolReq.setRawDataToTransaction(
MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE,
templateURL);
@@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
oaURL = pendingReq.getSPEntityId();
//only needed for SAML1
- String target = pendingReq.getGenericData("saml1_target", String.class);
+ String target = pendingReq.getRawData("saml1_target", String.class);
parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
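Review bot: The read `pendingReq.getRawData("saml1_target", String.class)` uses a string literal as the key, whereas the writer in this same file (first hunk) stores the target under `MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET`, and CreateXMLSignatureRequestBuilder reads it back with that constant. If the constant's value is "saml1_target", this line should use it too, `String target = pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);`, so the two cannot drift; if it is a different key populated by protocol-specific preprocessing, a comment saying which component writes "saml1_target" would make the hand-over traceable. The enclosing method starts outside the hunk.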
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 6544766b2..77abe07af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -60,12 +60,9 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_AuthenticationManager")
public class AuthenticationManager extends AbstractAuthenticationManager {
- public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
- public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
- public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
- public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
-
+ public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
+
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@@ -167,13 +164,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
//set interfederation authentication flag
executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH,
MiscUtil.isNotEmpty(
- pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+ pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
//set legacy mode or BKU-selection flags
boolean leagacyMode = (legacyallowed && legacyparamavail);
executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode
- && MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+ && MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
//add additional http request parameter to context
if (leagacyMode) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 97c4f40cd..b5005d0c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -23,6 +23,8 @@
package at.gv.egovernment.moa.id.moduls;
import java.util.Date;
+import java.util.Map;
+import java.util.Map.Entry;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@@ -73,9 +75,10 @@ public class SSOManager implements ISSOManager {
private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
- public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
- public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE";
- public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID";
+ public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+ public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+ public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
+
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
@Autowired private AuthConfiguration authConfig;
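Review bot: The three DATAID_INTERFEDERATIOIDP_* constants change their string values (from the INTERFEDERATIOIDP_* form to interIDPURL, interIDPResponse and interIDPEntityID) at the same time as the duplicate definitions are removed from AuthenticationManager. Any transaction data written under the old SSOManager values by a not-yet-upgraded node, or persisted before the upgrade, would no longer be found by the readers in this file; if the transaction store is per-request and in-memory this is harmless, but it is worth confirming for a clustered deployment. A comment above the constants noting that the two former value sets were merged here would help the next reader.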
@@ -166,8 +169,17 @@ public class SSOManager implements ISSOManager {
Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
- Logger.trace("Populatint pending request with SSO session information .... ");
- pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+ Logger.trace("Populatint pending request with SSO session information .... ");
+ Map<String, Object> fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession();
+ if (Logger.isTraceEnabled()) {
+ Logger.trace("Full SSO DataSet: ");
+ for (Entry<String, Object> el : fullSSOData.entrySet()) {
+ Logger.trace(" Key: " + el.getKey() + " Value: " + el.getValue());
+
+ }
+
+ }
+ pendingReq.setRawDataToTransaction(fullSSOData);
pendingReq.setAuthenticated(true);
}
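Review bot: The new trace loop writes every value of the SSO data set to the log; per AuthenticationSession.getKeyValueRepresentationFromAuthSession (also in this diff) that set includes the signer certificate and the verify-signature response, and presumably the identity link and bPK-related values, so enabling trace logging to diagnose an SSO problem would write personal and authentication data into the log file. Logging the key names only, `Logger.trace(" Key: " + el.getKey());`, gives the same insight into which entries were copied without the exposure; if a value is really needed, log its class or length rather than its content. The typo "Populatint" in the trace message above could be fixed while the line is being touched. The enclosing method starts outside the hunk.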
@@ -301,7 +313,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
String interfederationIDP =
- protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+ protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
if (MiscUtil.isNotEmpty(interfederationIDP)) {
Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
return;
@@ -313,14 +325,14 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
RequestImpl moaReq = (RequestImpl) protocolRequest;
if (MiscUtil.isNotEmpty(interIDP)) {
Logger.info("Receive SSO request for interfederation IDP " + interIDP);
- moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
+ moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP);
} else {
//check if IDP cookie is set
String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
if (MiscUtil.isNotEmpty(cookie)) {
Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
- moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
+ moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
}
@@ -367,7 +379,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
//in case of federated SSO session, jump to federated IDP for authentication
String interfederationIDP =
- protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+ protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
if (MiscUtil.isEmpty(interfederationIDP)) {
InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -375,7 +387,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
if (selectedIDP != null) {
//no local SSO session exist -> request interfederated IDP
Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
- protocolRequest.setGenericDataToSession(
+ protocolRequest.setRawDataToTransaction(
DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 0f75cf63b..405e44112 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -95,7 +95,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8"));
AuthenticationSession session = new AuthenticationSession(id, now,
- new AuthenticationSessionWrapper(target.genericFullDataStorage()));
+ (IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class));
encryptSession(session, dbsession);
//store AssertionStore element to Database
@@ -341,6 +341,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
dbsession.setSSOSession(true);
dbsession.setSSOsessionid(externalSSOSessionID);
+ dbsession.setAuthenticated(true);
//Store MOASession
entityManager.merge(dbsession);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 7d6730925..66b9be341 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -114,6 +114,7 @@ builder.07=Fehlerhaftes SecurityLayer Template.
builder.08=Authentication process could NOT completed. Reason: {0}
builder.09=Can not build GUI component. Reason: {0}
builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
+builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -310,8 +311,8 @@ pvp2.25=Fehler beim Validieren der PVP2 Metadaten
##add status codes!!!!
sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
-sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication.
-sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.
sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.
sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
@@ -322,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4
sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 5d7588dd5..b878eadf3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -92,6 +92,7 @@ builder.07=9002
builder.08=1008
builder.09=9103
builder.10=1009
+builder.11=9102
service.00=4300
service.03=4300
@@ -122,6 +123,7 @@ sp.pvp2.09=4503
sp.pvp2.10=4502
sp.pvp2.11=4502
sp.pvp2.12=4502
+sp.pvp2.13=4501
validator.00=1102
validator.01=1102
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 16cdc9c12..1ea057186 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -43,7 +43,7 @@ public class AuthenticationDataBuilderTest {
IAuthenticationSession session = new DummyAuthSession();
session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink());
- pendingReq.setGenericDataToSession(session.getKeyValueRepresentationFromAuthSession());
+ pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);