aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java54
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java25
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java18
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java80
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java59
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java59
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java62
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java29
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java24
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java12
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java2
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java139
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java4
15 files changed, 516 insertions, 59 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 491139fb5..80a2734f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,6 +18,7 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -65,7 +66,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
private MOAeIDASChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
lastAccess = new HashMap<String, Date>();
-
+
}
/* (non-Javadoc)
@@ -92,12 +93,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
}
- if (!expiredEntities.isEmpty()) {
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //get all actually loaded metadata providers
- Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+ boolean isUpdateRequired = false;
+ //get all actually loaded metadata providers
+ Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+
+ if (!expiredEntities.isEmpty()) {
for (String expired : expiredEntities) {
if (loadedproviders.containsKey(expired)) {
HTTPMetadataProvider provider = loadedproviders.get(expired);
@@ -107,7 +109,8 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
//remove from map
loadedproviders.remove(expired);
-
+ isUpdateRequired = true;
+
/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
*The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
//chainProvider.removeMetadataProvider(provider);
@@ -118,18 +121,43 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
Logger.warn("eIDAS metadata for EntityID: " + expired
+ " is marked as unsed, but no loaded metadata provider is found.");
- }
+ }
+ }
+ //check signature of all metadata which are actually loaded
+ List<String> nonValidMetadataProvider = new ArrayList<String>();
+ for (HTTPMetadataProvider provider : loadedproviders.values()) {
+ try {
+ provider.getMetadataFilter().doFilter(provider.getMetadata());
+
+ } catch (FilterException | MetadataProviderException e) {
+ Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI()
+ + " is not valid any more. Reason:" + e.getMessage());
+ if (Logger.isDebugEnabled())
+ Logger.warn("Reason", e);
+
+ nonValidMetadataProvider.add(provider.getMetadataURI());
+
+ }
+ }
+ for (String el : nonValidMetadataProvider) {
+ loadedproviders.remove(el);
+ isUpdateRequired = true;
+
+ }
+
+ //update chaining metadata-provider if it is required
+ if (isUpdateRequired) {
try {
synchronized (chainProvider) {
chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
-
+
emitChangeEvent();
}
-
+
} catch (MetadataProviderException e) {
Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-
+
}
}
}
@@ -184,7 +212,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
-
+
return httpProvider;
} catch (Throwable e) {
@@ -277,7 +305,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
}
-
+
public boolean requireValidMetadata() {
return internalProvider.requireValidMetadata();
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index e3ae5c046..7537c4d84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -94,6 +94,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
throws SAMLEngineException {
//Do nothing, because metadata signature is already validated during
//metadata provider initialization
+
+ //TODO: maybe signature validation is needed on every request
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 95690bbeb..234c4e038 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -22,19 +22,21 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+import org.opensaml.saml2.core.StatusCode;
/**
* @author tlenz
*
*/
-public class EIDASEngineException extends Exception {
+public class EIDASEngineException extends eIDASException {
/**
+ * @param objects
* @param string
* @param e
*/
- public EIDASEngineException(String string, Throwable e) {
- super(string, e);
+ public EIDASEngineException(String msg, Object[] objects, Throwable e) {
+ super(msg, objects, e);
}
/**
@@ -42,4 +44,21 @@ public class EIDASEngineException extends Exception {
*/
private static final long serialVersionUID = 1559812927427153879L;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+ */
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+ */
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+ }
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
index 7840ae2e6..b25895eca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -22,17 +22,31 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+
/**
* @author tlenz
*
*/
-public class eIDASAttributeException extends Exception {
+public class eIDASAttributeException extends eIDASException {
private static final long serialVersionUID = 1L;
public eIDASAttributeException(String message) {
- super(message);
+ super("eIDAS.07", new Object[]{message});
}
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+ */
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+ }
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
new file mode 100644
index 000000000..c96af37ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestProcessingException extends eIDASException {
+
+ private String subStatusCode = null;
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1083563877689098041L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ this.subStatusCode = subStatusCode;
+ }
+
+ public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e );
+ }
+
+ public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e );
+ this.subStatusCode = subStatusCode;
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.REQUESTER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ if (MiscUtil.isNotEmpty(subStatusCode))
+ return subStatusCode;
+
+ else
+ return StatusCode.REQUEST_DENIED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
new file mode 100644
index 000000000..2a15ee18a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestValidationException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4353716509546972267L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.REQUESTER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.RESOURCE_NOT_RECOGNIZED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
new file mode 100644
index 000000000..f42004abc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class eIDASException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+
+ public abstract String getStatusCodeFirstLevel();
+ public abstract String getStatusCodeSecondLevel();
+
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
new file mode 100644
index 000000000..0ffcf11ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseBuildException extends eIDASException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4446851988854996919L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public eIDASResponseBuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+ @Override
+ public String getStatusCodeFirstLevel() {
+ return StatusCode.RESPONDER_URI;
+
+ }
+
+ @Override
+ public String getStatusCodeSecondLevel() {
+ return StatusCode.AUTHN_FAILED_URI;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 7a696cd2f..5d7430dd7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,19 +22,15 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import java.io.IOException;
import java.io.InputStream;
-import java.text.ParseException;
import java.text.SimpleDateFormat;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -94,28 +90,28 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
// - set bpk/wpbk;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
- throw new eIDASAttributeException("PersonalIdentifier is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
prIdentification.getFirstChild().setNodeValue(eIdentifier);
// - set last name
Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
- throw new eIDASAttributeException("currentFamilyName is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
prFamilyName.getFirstChild().setNodeValue(familyName);
// - set first name
Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
- throw new eIDASAttributeException("currentGivenName is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
prGivenName.getFirstChild().setNodeValue(givenName);
// - set date of birth
Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
- throw new eIDASAttributeException("dateOfBirth is missing");
+ throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
@@ -149,15 +145,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
//store MOA-session to database
authenticatedSessionStorage.storeSession(moasession);
-
- } catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
- throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
-
+
} catch (eIDASAttributeException e) {
throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
-
- }
-
+
+ } catch (MOAIDException | MOADatabaseException e) {
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ } catch (Exception e) {
+ Logger.error("IdentityLink generation for foreign person FAILED.", e);
+ throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+
+ }
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c953e40ef..c82636a8f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,7 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import java.io.IOException;
import java.io.StringWriter;
import java.util.Collection;
@@ -86,13 +85,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
if (StringUtils.isEmpty(citizenCountryCode)) {
// illegal state; task should not have been executed without a selected country
- throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() });
+ throw new AuthenticationException("eIDAS.03", new Object[] { "" });
}
CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
if(null == cpeps) {
Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
- throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+ throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
}
Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
@@ -184,24 +183,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(oaConfig, pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
authnRequest.getSamlId());
-
- } catch (IOException e) {
- Logger.error("Velocity IO error: " + e.getMessage());
- throw new MOAIDException("stork.15", null); // TODO
+
} catch (Exception e) {
Logger.error("Velocity general error: " + e.getMessage());
- throw new MOAIDException("stork.15", null); // TODO
+ throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e);
+
}
}catch (EIDASSAMLEngineException e){
- Logger.error("eIDAS AuthnRequest generation FAILED.", e);
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
- new EIDASEngineException("Could not generate token for Saml Request", e));
+ new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
- } catch (EIDASEngineException | MOAIDException e) {
+ } catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
- }
+ } catch (Exception e) {
+ Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5d1b7fb6f..b73c2a873 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -88,14 +88,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
Logger.error("eIDAS AuthnRequest generation FAILED.", e);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
- throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.",
- new EIDASEngineException("Could not validate eIDAS response", e));
+ throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.",
+ new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
- } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+ } catch (MOAIDException | MOADatabaseException e) {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
+ } catch (Exception e) {
+ Logger.error("eIDAS Response processing FAILED.", e);
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq,
+ MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8fe44f4d6..eeb8305cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -66,7 +66,7 @@ public class SAMLEngineUtils {
} catch (EIDASSAMLEngineException e) {
Logger.error("eIDAS SAMLengine initialization FAILED!", e);
- throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+ throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
}
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1996c3d7c..24134f1d9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,17 +23,30 @@
package at.gv.egovernment.moa.id.protocols.eidas;
import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -44,8 +57,11 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
* eIDAS Protocol Support for outbound authentication and metadata generation
@@ -140,7 +156,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
First request step - send it to BKU selection for user authentication. After the user credentials
and other info are obtained, in the second step the request will be processed and the user redirected
*/
- public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
+ private void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
Logger.info("received an eIDaS request");
@@ -177,13 +193,36 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
pendingReq.setEidasRequest(samlReq);
+ //validate destination against metadata
+ String reqDestination = samlReq.getDestination();
+ if (MiscUtil.isNotEmpty(reqDestination)) {
+ boolean isValid = false;
+ List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
+ .getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+
+ for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
+ if (reqDestination.equals(el.getLocation()))
+ isValid = true;
+
+ }
+
+ if (!isValid) {
+ Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+ throw new eIDASAuthnRequestValidationException("stork.01",
+ new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+ }
+
+ }
+
+
// - memorize OA url
pendingReq.setOAURL(samlReq.getIssuer());
// - memorize OA config
IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
if (oaConfig == null)
- throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+ throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+
pendingReq.setOnlineApplicationConfiguration(oaConfig);
String spType = samlReq.getSPType();
@@ -194,16 +233,102 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
}
Logger.debug("eIDAS request has SPType:" + spType);
+
+ } catch (MOAIDException e) {
+ Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+ throw e;
+
+ } catch (EIDASSAMLEngineException e) {
+ Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+ throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
} catch(Exception e) {
- Logger.error("error in preprocessing step", e);
- throw new MOAIDException("error in preprocessing step", null);
+ Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
+ throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
}
}
- public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
- return false;
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable {
+ if (pendingReq != null && pendingReq instanceof EIDASData) {
+ EIDASData eidasReq = (EIDASData) pendingReq;
+ if (eidasReq.getEidasRequest() == null) {
+ Logger.info("Can not build eIDAS ErrorResponse. No eIDAS AuthnRequest found.");
+ return false;
+ }
+
+ try {
+ EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
+ eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+
+ if (e instanceof eIDASException) {
+ eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
+ eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
+ eIDASResp.setMessage(e.getMessage());
+
+ } else if (e instanceof MOAIDException ) {
+ eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+ eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASResp.setMessage(e.getMessage());
+
+ } else {
+ eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+ eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+ eIDASResp.setMessage(e.getMessage());
+
+ }
+
+
+ EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+
+ if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
+ String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+ new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
+ engine,
+ eidasReq.getEidasRequest());
+ eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+
+ }
+ //get eIDAS SAML-engine
+
+ eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp,
+ eidasReq.getRemoteAddress(), true);
+
+ String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+ VelocityContext context = new VelocityContext();
+
+ context.put("RelayState", eidasReq.getRemoteRelayState());
+
+ context.put("SAMLResponse", token);
+ Logger.debug("SAMLResponse original: " + token);
+
+ Logger.debug("Putting assertion consumer url as action: " + eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+ context.put("action", eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+ Logger.trace("Starting template merge");
+ StringWriter writer = new StringWriter();
+
+ Logger.trace("Doing template merge");
+ template.merge(context, writer);
+ Logger.trace("Template merge done");
+
+ Logger.trace("Sending html content : " + new String(writer.getBuffer()));
+
+ response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ response.setContentType(MediaType.TEXT_HTML.getType());
+
+ return true;
+
+ } catch (Exception e1 ) {
+ Logger.error("Generate eIDAS Error-Response failed.", e);
+
+ }
+
+ }
+
+ return false;
}
public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 60ffb3673..b4db5c83d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -71,8 +71,10 @@ public class EidasMetaDataRequest implements IAction {
httpResp.setContentType(MediaType.APPLICATION_XML.getType());
httpResp.getWriter().print(metaData);
httpResp.flushBuffer();
- } catch (Exception e) {
- e.printStackTrace();
+ } catch (Exception e) {
+ Logger.error("eIDAS Metadata generation FAILED.", e);
+ throw new MOAIDException("eIDAS.05", new Object[]{e.getMessage()}, e);
+
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index d9663092f..9943cc5fb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -122,19 +122,21 @@ public class eIDASAuthenticationRequest implements IAction {
// but we need to set the appropriate request issuer
engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
- // check if we have the destination available, supply it if not
+
if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()),
engine,
eidasRequest.getEidasRequest());
eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+
}
response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+
} catch(Exception e) {
e.printStackTrace();
}