aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-federated_authentication/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-modules-federated_authentication/src/main')
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java6
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java14
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java79
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java19
4 files changed, 61 insertions, 57 deletions
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 6bf6652c8..4068d2d99 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,9 +22,9 @@
*/
package at.gv.egovernment.moa.id.auth.modules.federatedauth;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
* @author tlenz
@@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule {
public int getPriority() {
// TODO Auto-generated method stub
return 0;
- }
+ }
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 4ae255d1d..717099a8d 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,16 +35,16 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
@@ -59,7 +59,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
@Component("CreateFederatedAuthnRequestTask")
public class CreateAuthnRequestTask extends AbstractAuthServletTask {
-
+
@Autowired PVPAuthnRequestBuilder authnReqBuilder;
@Autowired FederatedAuthCredentialProvider credential;
@Autowired(required=true) MOAMetadataProvider metadataProvider;
@@ -72,7 +72,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try{
// get IDP entityID
- String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+ String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
if (MiscUtil.isEmpty(idpEntityID)) {
Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
@@ -81,7 +81,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
//load IDP configuration from MOA-ID Configuration
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
+ IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
//validate IDP
if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
@@ -156,7 +156,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
private String evaluateRequiredQAALevel() {
- IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration();
+ IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
//check if STORK protocol module is in ClassPath
Object storkRequst = null;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 2fc1ec053..c20342a11 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
@@ -41,11 +42,12 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -53,11 +55,10 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
@@ -65,9 +66,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
@@ -89,7 +88,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired private FederatedAuthCredentialProvider credentialProvider;
+ @Autowired private FederatedAuthCredentialProvider credentialProvider;
@Autowired private SSOManager ssoManager;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private AuthenticationDataBuilder authDataBuilder;
@@ -133,7 +132,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
+ throw new InvalidProtocolRequestException("sp.pvp2.04",
+ new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING},
+ "NO configuration for SP entityID: " + msg.getEntityID());
}
@@ -150,8 +151,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
//load IDP and SP configuration
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
- IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration();
+ IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+ IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
//check if response Entity is valid
if (!idpConfig.isInderfederationIDP()) {
@@ -161,10 +162,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
msg.getEntityID()});
}
-
- //load MOASession from database
- defaultTaskInitialization(request, executionContext);
-
+
//initialize Attribute extractor
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor((Response) processedMsg.getResponse());
@@ -187,7 +185,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//SP is real Service-Provider --> check attributes in response
// and start Attribute-Query if required
- getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(),
+ getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
idpConfig);
//store federatedIDP to MOASession
@@ -199,8 +197,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
//store valid assertion into pending-request
- pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
- pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+ pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+ pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
//store pending-request
requestStoreage.storePendingRequest(pendingReq);
@@ -225,13 +223,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());
if (msg != null) {
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
-
- //remove federated IDP from SSO session if exists
- ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+ IOAAuthParameters idpConfig = null;
+ try {
+ idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+ //remove federated IDP from SSO session if exists
+ ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+
+ //select next step
+ handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
+
+ } catch (EAAFConfigurationException e1) {
+ Logger.error("Can not handle error during an internal problem. ", e1);
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+
+ }
- //select next step
- handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
} else
throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
@@ -256,22 +262,25 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
- Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+
+ //TODO!!!!!
+ //Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+ Collection<String> requestedAttr = Collections.emptyList();
//check if SAML2 Assertion contains a minimal set of attributes
//TODO: switch back to correct attribute query
if (!extractor.containsAllRequiredAttributes()
- && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) {
+ && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) {
Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
//build attributQuery request
List<Attribute> attributs =
attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator());
- //request IDP to get additional attributes
- extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(),
- idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
+// //request IDP to get additional attributes
+// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(),
+// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
} else {
Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. ");
@@ -303,29 +312,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
}
- moasession.setGenericDataToSession(el, value);
+ pendingReq.setGenericDataToSession(el, value);
Logger.debug("Add PVP-attribute " + el + " into MOASession");
}
//set validTo from this federated IDP response
- moasession.setGenericDataToSession(
+ pendingReq.setGenericDataToSession(
AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO,
extractor.getAssertionNotOnOrAfter());
- } catch (AttributQueryException e) {
- throw new BuildException("builder.06", null, e);
-
- } catch (SessionDataStorageException e) {
- throw new BuildException("builder.06", null, e);
-
} catch (AssertionValidationExeption e) {
throw new BuildException("builder.06", null, e);
- } catch (AssertionAttributeExtractorExeption e) {
+ } catch (MOAIDException e) {
throw new BuildException("builder.06", null, e);
- } catch (MOAIDException e) {
+ } catch (EAAFStorageException e) {
throw new BuildException("builder.06", null, e);
}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index aac253083..9ef02935b 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -27,6 +27,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
import at.gv.egovernment.moa.util.FileUtils;
@@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
* @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
*/
@Override
- public String getKeyStoreFilePath() {
+ public String getKeyStoreFilePath() throws ConfigurationException {
return FileUtils.makeAbsoluteURL(
- authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE),
+ authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE),
authConfig.getRootConfigFileDir());
}
@@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getKeyStorePassword() {
- return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+ return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
}
@@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getMetadataKeyAlias() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
}
@@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getMetadataKeyPassword() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
}
@@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getSignatureKeyAlias() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
}
@@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getSignatureKeyPassword() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
}
@@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getEncryptionKeyAlias() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
}
@@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getEncryptionKeyPassword() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
}