aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-federated_authentication
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-modules-federated_authentication')
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java6
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java29
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java21
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java12
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java2
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java27
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java125
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java23
8 files changed, 135 insertions, 110 deletions
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 49275c6eb..4068d2d99 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,9 +22,9 @@
*/
package at.gv.egovernment.moa.id.auth.modules.federatedauth;
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
* @author tlenz
@@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule {
public int getPriority() {
// TODO Auto-generated method stub
return 0;
- }
+ }
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 1fff56f8d..a1b8631dc 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
@@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
private String authURL;
private FederatedAuthCredentialProvider credentialProvider;
+ private IPVP2BasicConfiguration pvpConfiguration;
- public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) {
+ public FederatedAuthMetadataConfiguration(String authURL,
+ FederatedAuthCredentialProvider credentialProvider,
+ IPVP2BasicConfiguration pvpConfiguration) {
this.authURL = authURL;
this.credentialProvider = credentialProvider;
-
+ this.pvpConfiguration = pvpConfiguration;
}
@@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
@Override
public List<ContactPerson> getContactPersonInformation() {
try {
- return PVPConfiguration.getInstance().getIDPContacts();
+ return pvpConfiguration.getIDPContacts();
- } catch (ConfigurationException e) {
+ } catch (EAAFException e) {
Logger.warn("Can not load Metadata entry: Contect Person", e);
return null;
@@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
@Override
public Organization getOrgansiationInformation() {
try {
- return PVPConfiguration.getInstance().getIDPOrganisation();
+ return pvpConfiguration.getIDPOrganisation();
- } catch (ConfigurationException e) {
+ } catch (EAAFException e) {
Logger.warn("Can not load Metadata entry: Organisation", e);
return null;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 000590923..50da5187b 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -22,14 +22,17 @@
*/
package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
+import java.util.List;
+
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
/**
* @author tlenz
@@ -207,5 +210,21 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque
return null;
}
+ @Override
+ public List<EAAFRequestedAttribute> getRequestedAttributes() {
+ return null;
+
+ }
+
+ @Override
+ public String getProviderName() {
+ return null;
+ }
+
+ @Override
+ public String getScopeRequesterId() {
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index e86d31708..6a733adb8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
import com.google.common.net.MediaType;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController {
@Autowired PVPMetadataBuilder metadatabuilder;
@Autowired AuthConfiguration authConfig;
@Autowired FederatedAuthCredentialProvider credentialProvider;
+ @Autowired IPVP2BasicConfiguration pvpConfiguration;
public FederatedAuthMetadataController() {
super();
@@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController {
} else {
//initialize metadata builder configuration
IPVPMetadataBuilderConfiguration metadataConfig =
- new FederatedAuthMetadataConfiguration(authURL, credentialProvider);
+ new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
//build metadata
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
index 431ed5ef1..5edd36248 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
@@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
import at.gv.egovernment.moa.logging.Logger;
/**
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index f5896bc25..20fd5ebc4 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,21 +35,21 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -59,10 +59,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
@Component("CreateFederatedAuthnRequestTask")
public class CreateAuthnRequestTask extends AbstractAuthServletTask {
-
+
@Autowired PVPAuthnRequestBuilder authnReqBuilder;
@Autowired FederatedAuthCredentialProvider credential;
@Autowired(required=true) MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ILoALevelMapper loaMapper;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -72,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try{
// get IDP entityID
- String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+ String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
if (MiscUtil.isEmpty(idpEntityID)) {
Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
@@ -81,7 +82,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
//load IDP configuration from MOA-ID Configuration
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
+ IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
//validate IDP
if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
@@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
//build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
- } catch (MOAIDException | MetadataProviderException e) {
+ } catch (MetadataProviderException e) {
throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
} catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
@@ -156,7 +157,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
private String evaluateRequiredQAALevel() {
- IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration();
+ IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
//check if STORK protocol module is in ClassPath
Object storkRequst = null;
@@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
pendingReq.getClass().isInstance(storkRequst)) {
try {
- secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
+ secClass = loaMapper.mapToSecClass(
PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
} catch (Exception e) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index dea5e4894..f5af84405 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
@@ -41,42 +42,39 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -89,7 +87,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired private FederatedAuthCredentialProvider credentialProvider;
+ @Autowired private FederatedAuthCredentialProvider credentialProvider;
@Autowired private SSOManager ssoManager;
@Autowired private AttributQueryBuilder attributQueryBuilder;
@Autowired private AuthenticationDataBuilder authDataBuilder;
@@ -107,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
- IDecoder decoder = null;
- MOAURICompare comperator = null;
+ IDecoder decoder = null;
+ EAAFURICompare comperator = null;
//select Response Binding
if (request.getMethod().equalsIgnoreCase("POST")) {
decoder = new PostBinding();
- comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
+ comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding.");
} else if (request.getMethod().equalsIgnoreCase("GET")) {
decoder = new RedirectBinding();
- comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
+ comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding.");
} else {
@@ -133,7 +131,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
comperator);
if (MiscUtil.isEmpty(msg.getEntityID())) {
- throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
+ throw new InvalidProtocolRequestException("sp.pvp2.04",
+ new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
}
@@ -147,11 +146,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
//validate assertion
- MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+ PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
//load IDP and SP configuration
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
- IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration();
+ IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+ IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
//check if response Entity is valid
if (!idpConfig.isInderfederationIDP()) {
@@ -161,10 +160,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
msg.getEntityID()});
}
-
- //load MOASession from database
- defaultTaskInitialization(request, executionContext);
-
+
//initialize Attribute extractor
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor((Response) processedMsg.getResponse());
@@ -173,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
if (spConfig.isInderfederationIDP()) {
//SP is a federated IDP --> answer only with nameID and wait for attribute-Query
pendingReq.setGenericDataToSession(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);
pendingReq.setGenericDataToSession(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
pendingReq.setGenericDataToSession(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
authenticatedSessionStorage.
addFederatedSessionInformation(pendingReq,
@@ -187,7 +183,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
//SP is real Service-Provider --> check attributes in response
// and start Attribute-Query if required
- getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(),
+ getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
idpConfig);
//store federatedIDP to MOASession
@@ -199,8 +195,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
//store valid assertion into pending-request
- pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
- pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+ pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+ pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
//store pending-request
requestStoreage.storePendingRequest(pendingReq);
@@ -225,13 +221,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());
if (msg != null) {
- IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
-
- //remove federated IDP from SSO session if exists
- ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+ IOAAuthParameters idpConfig = null;
+ try {
+ idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+ //remove federated IDP from SSO session if exists
+ ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+
+ //select next step
+ handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
+
+ } catch (EAAFConfigurationException e1) {
+ Logger.error("Can not handle error during an internal problem. ", e1);
+ throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+
+ }
- //select next step
- handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
} else
throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
@@ -256,22 +260,25 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
- Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+
+ //TODO!!!!!
+ //Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+ Collection<String> requestedAttr = Collections.emptyList();
//check if SAML2 Assertion contains a minimal set of attributes
//TODO: switch back to correct attribute query
if (!extractor.containsAllRequiredAttributes()
- && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) {
+ && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) {
Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");
//build attributQuery request
List<Attribute> attributs =
attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator());
- //request IDP to get additional attributes
- extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(),
- idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
+// //request IDP to get additional attributes
+// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(),
+// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
} else {
Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. ");
@@ -303,29 +310,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
}
}
- moasession.setGenericDataToSession(el, value);
+ pendingReq.setGenericDataToSession(el, value);
Logger.debug("Add PVP-attribute " + el + " into MOASession");
}
//set validTo from this federated IDP response
- moasession.setGenericDataToSession(
+ pendingReq.setGenericDataToSession(
AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO,
extractor.getAssertionNotOnOrAfter());
- } catch (AttributQueryException e) {
- throw new BuildException("builder.06", null, e);
-
- } catch (SessionDataStorageException e) {
- throw new BuildException("builder.06", null, e);
-
} catch (AssertionValidationExeption e) {
throw new BuildException("builder.06", null, e);
- } catch (AssertionAttributeExtractorExeption e) {
+ } catch (MOAIDException e) {
throw new BuildException("builder.06", null, e);
- } catch (MOAIDException e) {
+ } catch (EAAFStorageException e) {
throw new BuildException("builder.06", null, e);
}
@@ -366,7 +367,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
* @throws AssertionValidationExeption
* @throws AuthnResponseValidationException
*/
- private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+ private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
Logger.debug("Start PVP21 assertion processing... ");
Response samlResp = (Response) msg.getResponse();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index aac253083..38568cdd8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
/**
* @author tlenz
@@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
* @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
*/
@Override
- public String getKeyStoreFilePath() {
+ public String getKeyStoreFilePath() throws ConfigurationException {
return FileUtils.makeAbsoluteURL(
- authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE),
+ authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE),
authConfig.getRootConfigFileDir());
}
@@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getKeyStorePassword() {
- return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+ return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
}
@@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getMetadataKeyAlias() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
}
@@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getMetadataKeyPassword() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
}
@@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getSignatureKeyAlias() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
}
@@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getSignatureKeyPassword() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
}
@@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getEncryptionKeyAlias() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
}
@@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
*/
@Override
public String getEncryptionKeyPassword() {
- return authConfig.getBasicMOAIDConfiguration(
+ return authConfig.getBasicConfiguration(
FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
}