aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java1
6 files changed, 18 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index d587092eb..d4d01d3d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -435,6 +435,7 @@ public class DispatcherServlet extends AuthServlet{
moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ AuthenticationSessionStoreage.changeSessionID(moasession);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index be0132c14..7dba67174 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -133,7 +133,7 @@ public class AuthenticationManager extends AuthServlet {
authSession.setAuthenticatedUsed(true);
AuthenticationSessionStoreage.storeSession(authSession);
-
+
// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
// sessionID);
return true; // got authenticated
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 76757e28e..a65edffd0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -117,9 +118,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
}
-
- boolean keepAssertion = false;
-
+
//removed from MOA-ID 2.0 config
// try {
// String boolStr = AuthConfigurationProvider.getInstance()
@@ -132,9 +131,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// throw new AuthenticationException("1205", new Object[] {
// samlArtifact, ex.toString() });
// }
- if (!keepAssertion) {
- authenticationDataStore.remove(samlArtifact);
- }
+
+ authenticationDataStore.remove(samlArtifact);
long now = new Date().getTime();
@@ -319,9 +317,14 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authData.setSamlAssertion(samlAssertion);
+// String samlArtifact = new SAMLArtifactBuilder().build(
+// session.getAuthURL(), session.getSessionID(),
+// saml1parameter.getSourceID());
+
+ //TODO: check if it correct
String samlArtifact = new SAMLArtifactBuilder().build(
- session.getAuthURL(), session.getSessionID(),
- saml1parameter.getSourceID());
+ session.getAuthURL(), Random.nextRandom(),
+ saml1parameter.getSourceID());
storeAuthenticationData(samlArtifact, authData);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index ba4f65571..e5a633d5d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -114,7 +114,9 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
MOASessionDBUtils.delete(element);
-
+ Logger.info("Remove Assertion with Artifact" + artifact);
+
+
} catch (MOADatabaseException e) {
Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
+ "not found)");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 5da3dd8f6..89ed369f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -257,7 +257,7 @@ public class AuthenticationSessionStoreage {
dbsession.setSSOsessionid(SSOSessionID);
dbsession.setAuthenticated(false);
dbsession.setPendingRequestID("");
-
+
//Store MOASession
session.saveOrUpdate(dbsession);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index da44a3905..8905b96c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -136,6 +136,7 @@ public class IdentityLinkReSigner {
throw new MOAIDException("builder.05", new Object[]{});
} else {
+ Logger.debug("MOA-SS Signature createn successfull");
return ser.getSignatureEnvironment();
}