diff options
Diffstat (limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main')
3 files changed, 28 insertions, 13 deletions
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 1269229d0..b17f0c121 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -45,19 +45,20 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BKAMobileAuthModule implements AuthModule { - private int priority = 1; + private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; @Autowired(required=true) private IAuthenticationManager authManager; private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>(); + private String noAuthHeaderValue = null; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override public int getPriority() { - return priority; + return priority; } /** @@ -67,11 +68,13 @@ public class BKAMobileAuthModule implements AuthModule { public void setPriority(int priority) { this.priority = priority; } - @PostConstruct public void initialDummyAuthWhiteList() { String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); + if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); @@ -84,6 +87,8 @@ public class BKAMobileAuthModule implements AuthModule { //parameter to whiteList authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); +// authManager.addHeaderNameToWhiteList("SL2ClientType"); +// authManager.addHeaderNameToWhiteList("X-MOA-VDA"); } /* (non-Javadoc) @@ -92,12 +97,22 @@ public class BKAMobileAuthModule implements AuthModule { @Override public String selectProcess(ExecutionContext context) { String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID); - if (MiscUtil.isNotEmpty(spEntityID)) { - if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); + String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); + if (MiscUtil.isNotEmpty(spEntityID)) { + Logger.trace("Check dummy-auth for SP: " + spEntityID); + + + if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) { return "BKAMobileAuthentication"; + } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) { + Logger.info("Find dummy-auth request for oe.gv.at demos ... "); + return "BKAMobileAuthentication"; + } else { Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '" + FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available."); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml index 6f41f347a..07faeae88 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml @@ -5,17 +5,17 @@ STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures. --> <pd:Task id="firstStep" class="FirstBKAMobileAuthTask" /> - <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" async="true" /> - <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> <pd:StartEvent id="start" /> - <pd:Transition from="start" to="firstStep" /> - <!-- pd:Transition from="firstStep" to="secondStep"/> - <pd:Transition from="secondStep" to="finalizeAuthentication" /--> - - <pd:Transition from="firstStep" to="finalizeAuthentication" /> + <pd:Transition from="start" to="secondStep" /> + <pd:Transition from="secondStep" to="finalizeAuthentication" /> + +<!-- <pd:Transition from="firstStep" to="secondStep"/> --> + <!-- <pd:Transition from="firstStep" to="finalizeAuthentication" /> --> <pd:Transition from="finalizeAuthentication" to="end" /> diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml index ef13b0348..79f29e08c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -10,7 +10,7 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> <bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule"> - <property name="priority" value="1" /> + <property name="priority" value="4" /> </bean> |