aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-federated_authentication
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-modules-federated_authentication')
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java29
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java2
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java8
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java11
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java43
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java4
6 files changed, 50 insertions, 47 deletions
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 1fff56f8d..a1b8631dc 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
@@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
private String authURL;
private FederatedAuthCredentialProvider credentialProvider;
+ private IPVP2BasicConfiguration pvpConfiguration;
- public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) {
+ public FederatedAuthMetadataConfiguration(String authURL,
+ FederatedAuthCredentialProvider credentialProvider,
+ IPVP2BasicConfiguration pvpConfiguration) {
this.authURL = authURL;
this.credentialProvider = credentialProvider;
-
+ this.pvpConfiguration = pvpConfiguration;
}
@@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
@Override
public List<ContactPerson> getContactPersonInformation() {
try {
- return PVPConfiguration.getInstance().getIDPContacts();
+ return pvpConfiguration.getIDPContacts();
- } catch (ConfigurationException e) {
+ } catch (EAAFException e) {
Logger.warn("Can not load Metadata entry: Contect Person", e);
return null;
@@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
@Override
public Organization getOrgansiationInformation() {
try {
- return PVPConfiguration.getInstance().getIDPOrganisation();
+ return pvpConfiguration.getIDPOrganisation();
- } catch (ConfigurationException e) {
+ } catch (EAAFException e) {
Logger.warn("Can not load Metadata entry: Organisation", e);
return null;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 000590923..6cbe558e7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -28,8 +28,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.security.credential.Credential;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
/**
* @author tlenz
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 399845643..6a733adb8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController {
@Autowired PVPMetadataBuilder metadatabuilder;
@Autowired AuthConfiguration authConfig;
@Autowired FederatedAuthCredentialProvider credentialProvider;
+ @Autowired IPVP2BasicConfiguration pvpConfiguration;
public FederatedAuthMetadataController() {
super();
@@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController {
} else {
//initialize metadata builder configuration
IPVPMetadataBuilderConfiguration metadataConfig =
- new FederatedAuthMetadataConfiguration(authURL, credentialProvider);
+ new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
//build metadata
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 717099a8d..20fd5ebc4 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,9 +35,12 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -46,10 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -63,6 +63,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
@Autowired PVPAuthnRequestBuilder authnReqBuilder;
@Autowired FederatedAuthCredentialProvider credential;
@Autowired(required=true) MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ILoALevelMapper loaMapper;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
//build and transmit AuthnRequest
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
- } catch (MOAIDException | MetadataProviderException e) {
+ } catch (MetadataProviderException e) {
throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
} catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) {
@@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
pendingReq.getClass().isInstance(storkRequst)) {
try {
- secClass = LoALevelMapper.getInstance().mapToSecClass(
+ secClass = loaMapper.mapToSecClass(
PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
} catch (Exception e) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index c20342a11..bb7f735aa 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -48,6 +48,18 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -60,22 +72,9 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -106,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
try {
- IDecoder decoder = null;
- MOAURICompare comperator = null;
+ IDecoder decoder = null;
+ EAAFURICompare comperator = null;
//select Response Binding
if (request.getMethod().equalsIgnoreCase("POST")) {
decoder = new PostBinding();
- comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
+ comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding.");
} else if (request.getMethod().equalsIgnoreCase("GET")) {
decoder = new RedirectBinding();
- comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
+ comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding.");
} else {
@@ -148,7 +147,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
//validate assertion
- MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+ PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
//load IDP and SP configuration
IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
@@ -171,11 +170,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
if (spConfig.isInderfederationIDP()) {
//SP is a federated IDP --> answer only with nameID and wait for attribute-Query
pendingReq.setGenericDataToSession(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);
pendingReq.setGenericDataToSession(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
pendingReq.setGenericDataToSession(
- PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
+ MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
authenticatedSessionStorage.
addFederatedSessionInformation(pendingReq,
@@ -369,7 +368,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
* @throws AssertionValidationExeption
* @throws AuthnResponseValidationException
*/
- private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+ private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
Logger.debug("Start PVP21 assertion processing... ");
Response samlResp = (Response) msg.getResponse();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 9ef02935b..38568cdd8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
/**
* @author tlenz