Diffstat (limited to 'id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java')
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java79
1 files changed, 41 insertions, 38 deletions
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 2fc1ec053..c20342a11 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
@@ -41,11 +42,12 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -53,11 +55,10 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
@@ -65,9 +66,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
@@ -89,7 +88,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired private FederatedAuthCredentialProvider credentialProvider;
+ @Autowired private FederatedAuthCredentialProvider credentialProvider;
@Autowired private SSOManager ssoManager;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private AuthenticationDataBuilder authDataBuilder;
@@ -133,7 +132,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
+ throw new InvalidProtocolRequestException("sp.pvp2.04",
+ new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING},
+ "NO configuration for SP entityID: " + msg.getEntityID());
}
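Review bot: The new message text appends `msg.getEntityID()` inside a branch that is only reached when `MiscUtil.isEmpty(msg.getEntityID())` holds, so the appended value is always null or empty, and `NO configuration for SP entityID:` describes a different failure (missing configuration) than the one actually detected (missing entityID). Use a message that states the real condition, e.g. `"Response contains no SP entityID"`, and reserve the "no configuration for entityID" wording for the configuration lookup that follows. The enclosing method starts and ends outside the hunk.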
@@ -150,8 +151,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
//load IDP and SP configuration
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
- IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration();
+ IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+ IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
//check if response Entity is valid
if (!idpConfig.isInderfederationIDP()) {
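Review bot: `idpConfig` is dereferenced on the last line of the hunk (`idpConfig.isInderfederationIDP()`) without a null check; a later hunk catches `EAAFConfigurationException` from `getServiceProviderConfiguration`, but whether that call can also return null for an entityID with no configuration is not visible here. If it can, a response from an unconfigured issuer would end in a NullPointerException rather than the rejection the following branch is meant to produce; a guard such as `if (idpConfig == null || !idpConfig.isInderfederationIDP()) {` keeps the existing rejection path for that case. The enclosing method runs outside the hunk on both sides.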
@@ -161,10 +162,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
msg.getEntityID()});
}
-
- //load MOASession from database
- defaultTaskInitialization(request, executionContext);
-
+
//initialize Attribute extractor
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor((Response) processedMsg.getResponse());
@@ -187,7 +185,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//SP is real Service-Provider --> check attributes in response
// and start Attribute-Query if required
- getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(),
+ getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
idpConfig);
//store federatedIDP to MOASession
@@ -199,8 +197,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
//store valid assertion into pending-request
- pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
- pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+ pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+ pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
//store pending-request
requestStoreage.storePendingRequest(pendingReq);
@@ -225,13 +223,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());
if (msg != null) {
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
-
- //remove federated IDP from SSO session if exists
- ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+ IOAAuthParameters idpConfig = null;
+ try {
+ idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+ //remove federated IDP from SSO session if exists
+ ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+
+ //select next step
+ handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
+
+ } catch (EAAFConfigurationException e1) {
+ Logger.error("Can not handle error during an internal problem. ", e1);
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+
+ }
- //select next step
- handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
} else
throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
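Review bot: The SSO cleanup `ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);` now runs only after `getServiceProviderConfiguration` has succeeded, whereas before this change it ran unconditionally; if the configuration lookup throws `EAAFConfigurationException`, the IDP whose response just failed validation stays registered in the SSO session. Move the removal ahead of the try block so a configuration problem cannot skip it. In the inner catch, `e1` is only logged and the thrown `TaskExecutionException` carries `e` as its cause; attach the configuration failure as well, e.g. `e.addSuppressed(e1);` before the throw, and replace the vague message `Can not handle error during an internal problem.` with something like `"IDP configuration lookup failed while handling PVP response validation error"`. The `IOAAuthParameters idpConfig = null;` declaration is not read after the try and can be declared inside it.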
@@ -256,22 +262,25 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
- Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+
+ //TODO!!!!!
+ //Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+ Collection<String> requestedAttr = Collections.emptyList();
//check if SAML2 Assertion contains a minimal set of attributes
//TODO: switch back to correct attribute query
if (!extractor.containsAllRequiredAttributes()
- && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) {
+ && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) {
Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
//build attributQuery request
List<Attribute> attributs =
attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator());
- //request IDP to get additional attributes
- extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(),
- idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
+// //request IDP to get additional attributes
+// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(),
+// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
} else {
Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. ");
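Review bot: With `requestedAttr = Collections.emptyList()` and the attribute-query call commented out, the branch entered when the assertion lacks the minimal attribute set logs `Starting AttributeQuery process ...` and then falls through with the incomplete `extractor`, so an assertion missing required attributes is neither rejected nor completed, and `attributs` is built from an empty iterator and never used. Until the query is restored, that branch should fail the task instead of continuing, for instance by throwing the same `BuildException("builder.06", ...)` the catch clauses further down raise, and the `//TODO!!!!!` should state that the attribute query is disabled and why. The commented-out call is better removed and recovered from history than left in the method body. The enclosing method starts and ends outside the hunk.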
@@ -303,29 +312,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
}
- moasession.setGenericDataToSession(el, value);
+ pendingReq.setGenericDataToSession(el, value);
Logger.debug("Add PVP-attribute " + el + " into MOASession");
}
//set validTo from this federated IDP response
- moasession.setGenericDataToSession(
+ pendingReq.setGenericDataToSession(
AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO,
extractor.getAssertionNotOnOrAfter());
- } catch (AttributQueryException e) {
- throw new BuildException("builder.06", null, e);
-
- } catch (SessionDataStorageException e) {
- throw new BuildException("builder.06", null, e);
-
} catch (AssertionValidationExeption e) {
throw new BuildException("builder.06", null, e);
- } catch (AssertionAttributeExtractorExeption e) {
+ } catch (MOAIDException e) {
throw new BuildException("builder.06", null, e);
- } catch (MOAIDException e) {
+ } catch (EAAFStorageException e) {
throw new BuildException("builder.06", null, e);
}
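Review bot: The three catch clauses at the end of the hunk have identical bodies (`throw new BuildException("builder.06", null, e);`); a single multi-catch `catch (AssertionValidationExeption | MOAIDException | EAAFStorageException e)` expresses that in one place, provided none of these types extends another (a multi-catch with related alternatives does not compile, and whether `AssertionValidationExeption` extends `MOAIDException` is not visible here). The storage calls now go through `pendingReq.setGenericDataToSession`, so the log line `"Add PVP-attribute " + el + " into MOASession"` no longer names where the data is stored; `" into pending request"` would match the code. The enclosing method continues outside the hunk.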