aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java')
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java34
1 files changed, 26 insertions, 8 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index c034dc95e..f3eaff11a 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -55,10 +56,12 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -129,7 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
//validate entityId of response
- String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+ String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
String respEntityId = msg.getEntityID();
if (!msNodeEntityID.equals(respEntityId)) {
Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
@@ -155,23 +158,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
} catch (MessageDecodingException | SecurityException e) {
String samlRequest = request.getParameter("SAMLRequest");
Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
- throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+ throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP",
+ new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e));
} catch (IOException | MarshallingException | TransformerException e) {
Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
- throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
} catch (CredentialsNotAvailableException e) {
Logger.error("PVP response decrytion FAILED. No credential found.", e);
- throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+ throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.",
+ new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());
- throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
} catch (Exception e) {
Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);
- throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.",
+ new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
}
@@ -182,19 +190,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//check if all attributes are include
if (!extractor.containsAllRequiredAttributes()
&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
- Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+ Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
}
//copy attributes into MOASession
+ AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
for (String el : includedAttrNames) {
String value = extractor.getSingleAttributeValue(el);
- pendingReq.setGenericDataToSession(el, value);
+ session.setGenericDataToSession(el, value);
Logger.debug("Add PVP-attribute " + el + " into MOASession");
}
+
+ //set foreigner flag
+ session.setForeigner(true);
+ if (extractor.getFullAssertion().getIssuer() != null &&
+ StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
+ session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
+ else
+ session.setBkuURL("eIDAS_Authentication");
+
} catch (AssertionValidationExeption e) {
throw new BuildException("builder.06", null, e);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-05 19:47:36 +0000