diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src')
4 files changed, 36 insertions, 22 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index 9f347b4ee..1c20a81bf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -45,20 +45,30 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS"; public static final String CONIG_PROPS_EIDAS_SAMLENGINE="samlengine"; public static final String CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX=CONIG_PROPS_EIDAS_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE; - public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file"; - + public static final String CONIG_PROPS_EIDAS_SAMLENGINE_BASIC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + ".config.file"; public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN="sign"; public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT="enc"; public static final String CONIG_PROPS_EIDAS_SAMLENGINE_SIGN_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." + CONIG_PROPS_EIDAS_SAMLENGINE_SIGN + ".config.file"; public static final String CONIG_PROPS_EIDAS_SAMLENGINE_ENC_CONFIGFILE = CONIG_PROPS_EIDAS_SAMLENGINE_PREFIX + "." - + CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file"; + + CONIG_PROPS_EIDAS_SAMLENGINE_ENCRYPT + ".config.file"; + public static final String CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE = CONIG_PROPS_EIDAS_PREFIX + ".metadata.validation.truststore"; - public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation + //timeouts and clock skews + public static final long CONFIG_PROPS_SKEWTIME = 2 * 60 * 1000; //2 minutes skew time for response validation + public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout + //eIDAS attribute names public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; public static final String eIDAS_ATTR_CURRENTGIVENNAME = "CurrentGivenName"; public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "CurrentFamilyName"; + + //http endpoint descriptions + public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/sp/post"; + public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/sp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_POST = "/eidas/idp/post"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_REDIRECT = "/eidas/idp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/metadata"; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 556947572..49f0451cb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -22,30 +22,19 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas; -import java.io.ByteArrayInputStream; - import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathConstants; -import javax.xml.xpath.XPathExpression; -import javax.xml.xpath.XPathFactory; import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.util.xml.SimpleNamespaceContext; -import org.w3c.dom.Document; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; /** * @author tlenz * */ -@WebServlet(urlPatterns = { "/eidas/post", "/eidas/redirect"}, loadOnStartup = 1) +@WebServlet(urlPatterns = { "/eidas/sp/post", "/eidas/sp/redirect"}, loadOnStartup = 1) public class eIDASSignalServlet extends ProcessEngineSignalServlet { private static final long serialVersionUID = 8215688005533754459L; @@ -53,7 +42,7 @@ public class eIDASSignalServlet extends ProcessEngineSignalServlet { public eIDASSignalServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() + - " with mappings '/eidas/post' and '/eidas/redirect'."); + " with mappings '/eidas/sp/post' and '/eidas/sp/redirect'."); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 57588287d..963fe70c1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -142,7 +142,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { EIDASAuthnRequest authnRequest = new EIDASAuthnRequest(); authnRequest.setProviderName(moaconfig.getPublicURLPrefix()); authnRequest.setPersonalAttributeList(pAttList); + authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + "/eidas/metadata"); + //TODO: only for development and reverse proxy + authnRequest.setIssuer("http://localhost:12343/moa-id-auth/eidas/metadata"); + authnRequest.setDestination(destination); authnRequest.setEidasNameidFormat(EIDASAuthnRequest.NAMEID_FORMAT_UNSPECIFIED); authnRequest.setEidasLoA(EidasLoaLevels.LOW.stringValue()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java index c8df9ca97..cd30f2bec 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java @@ -29,7 +29,10 @@ import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import eu.eidas.auth.engine.EIDASSAMLEngine; import eu.eidas.auth.engine.metadata.MetadataConfigParams; import eu.eidas.auth.engine.metadata.MetadataGenerator; @@ -49,15 +52,23 @@ public class EidasMetaDataServlet extends HttpServlet { */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { - logger.info("EidasMetaDataServlet GET"); + logger.debug("EidasMetaDataServlet GET"); - String metadata_url = "http://localhost:12344/moa-id-auth/eidas/metadata"; - String sp_return_url = "http://localhost:12344/moa-id-auth/eidas/metadata"; + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); + String pubURLPrefix = config.getPublicURLPrefix(); + + + String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA; + + //TODO: only for development and reverse proxy + metadata_url = "http://localhost:12343/moa-id-auth/eidas/metadata"; + + String sp_return_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_SP_POST; String metaData = generateMetadata(metadata_url, sp_return_url); - logger.debug(metaData); + logger.trace(metaData); - response.setContentType("text/html"); + response.setContentType("text/xml"); response.getWriter().print(metaData); response.flushBuffer(); } catch (Exception e) { |