aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java70
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm38
4 files changed, 117 insertions, 15 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6483656ec..159728e92 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,9 +22,17 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.Security;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
import eu.eidas.auth.commons.EIDASAuthnRequest;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.commons.IPersonalAttributeList;
@@ -45,6 +53,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -76,22 +85,29 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//load MOASession object and OA-configuration
AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
-
-
- //build eIDAS AuthnRequest
- EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
IPersonalAttributeList pAttList = new PersonalAttributeList();
//create template requested attribute
//TODO: load required attributes from OA configuration
PersonalAttribute attr = new PersonalAttribute();
-
+ attr.setName("eidas/attributes/CurrentFamilyName");
+
pAttList.add(attr);
-
-
-
- EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
- engine.initRequestedAttributes(pAttList);
+
+ //build eIDAS AuthnRequest
+ EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
+ String assertionConsumerURL="https://demo.a-sit.at/EidasNode/ServiceProvider";
+ authnRequest.setAssertionConsumerServiceURL(assertionConsumerURL);
+ String providerName = "sp3fr-moa";
+ authnRequest.setProviderName(providerName);
+ int qaaLevel = 1;
+ authnRequest.setQaa(qaaLevel);
+ authnRequest.setPersonalAttributeList(pAttList);
+
+ engine.initRequestedAttributes(pAttList);
authnRequest = engine.generateEIDASAuthnRequest(authnRequest);
//encode AuthnRequest
@@ -100,8 +116,38 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//send
-
-
+ try {
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm");
+ VelocityContext context = new VelocityContext();
+
+ String actionType = "SAMLRequest";
+ context.put(actionType, SAMLRequest);
+ Logger.debug("Encoded " + actionType + " original: " + SAMLRequest);
+
+ Logger.debug("Using assertion consumer url as action: " + assertionConsumerURL);
+ context.put("action", assertionConsumerURL);
+
+ Logger.debug("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.debug("Doing template merge");
+ template.merge(context, writer);
+ Logger.debug("Template merge done");
+
+ Logger.debug("Sending html content: " + writer.getBuffer().toString());
+
+ response.setContentType("text/html;charset=UTF-8");
+ response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+
+ } catch (IOException e) {
+ Logger.error("Velocity IO error: " + e.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ } catch (Exception e) {
+ Logger.error("Velocity general error: " + e.getMessage());
+ throw new MOAIDException("stork.15", null); // TODO
+ }
+
}catch (EIDASSAMLEngineException e){
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.",
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..8fdb40065
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
+
+ System.out.println(request.getContentLength());
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
index fe1974b4d..09f10a7ef 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas/eIDAS.Authentication.process.xml
@@ -2,15 +2,15 @@
<pd:ProcessDefinition id="eIDASAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
- <pd:Task id="createAuthnRequest" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" />
- <pd:Task id="finalizeAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" />
+ <pd:Task id="receiveAuthnResponse" class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" async="true" />
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
<pd:Transition from="start" to="createAuthnRequest" />
- <pd:Transition from="createAuthnRequest" to="finalizeAuthentication" />
+ <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" />
+ <pd:Transition from="receiveAuthnResponse" to="finalizeAuthentication" />
<pd:Transition from="finalizeAuthentication" to="end" />
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
new file mode 100644
index 000000000..8beb601c6
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm
@@ -0,0 +1,38 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Contains target attribute to delegate PEPS authentication out of iFrame
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+ <body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support JavaScript,
+ you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+ <form action="${action}" method="post" target="_top">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+
+ #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+
+ #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue"/>
+ </div>
+ </noscript>
+ </form>
+
+ </body>
+</html> \ No newline at end of file