diff options
Diffstat (limited to 'id/server')
7 files changed, 48 insertions, 16 deletions
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index fcadf1f36..c1533eeb7 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -277,7 +277,12 @@ <groupId>org.bouncycastle</groupId>
</exclusion>
</exclusions>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>2.0.5</version>
+ </dependency>
<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 4c83d0ea4..908c7e7b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -1110,7 +1110,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !COUNTRYCODE_AUSTRIA.equals(eIDASOutboundCountry)) { Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID, COUNTRYCODE_AUSTRIA, eIDASOutboundCountry); - Logger.trace("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond()); + Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond()); return eIDASID; } else if (oaParam.getBusinessService()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 2c0f1cf8c..9adffe6fd 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -75,12 +75,13 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { // use SAML2 relayState if (sessionId == null) { sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState")); - } + } else + Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); // take from InResponseTo attribute of SAMLResponse - if (sessionId == null) { - String base64SamlToken = request.getParameter("SAMLResponse"); - if (base64SamlToken != null && false) { +// if (sessionId == null) { +// String base64SamlToken = request.getParameter("SAMLResponse"); +// if (base64SamlToken != null && false) { // byte[] samlToken = Base64Utils.decode(base64SamlToken, false); // Document samlResponse = parseDocument(new ByteArrayInputStream(samlToken)); // @@ -91,10 +92,10 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController { // XPathExpression expression = xPath.compile("string(/saml2p:Response/@InResponseTo)"); // sessionId = (String) expression.evaluate(samlResponse, XPathConstants.STRING); // sessionId = StringEscapeUtils.escapeHtml(StringUtils.trimToNull(sessionId)); - } else { - Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); - } - } +// } else { +// Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); +// } +// } } catch (Exception e) { Logger.warn("Unable to retrieve moa session id.", e); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 3c33b8d58..563c3a18c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -26,6 +26,8 @@ public class EIDASData extends RequestImpl { /** The ip address of the requester. */ private String remoteIPAddress; + private String remoteRelayState; + @Override public Collection<String> getRequestedAttributes() { // TODO Auto-generated method stub @@ -85,4 +87,22 @@ public class EIDASData extends RequestImpl { public void setRemoteAddress(String remoteIP) { remoteIPAddress = remoteIP; } + + /** + * Gets the remote relay state. + * + * @return the remote relay state + */ + public String getRemoteRelayState() { + return remoteRelayState; + } + + /** + * Sets the remote relay state. + * + * @param relayState the new remote relay state + */ + public void setRemoteRelayState(String relayState) { + remoteRelayState = relayState; + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 83fadb04e..1c0e60c63 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -151,6 +151,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { // - memorize remote ip pendingReq.setRemoteAddress(request.getRemoteAddr()); + // - memorize relaystate + String relayState = request.getParameter("RelayState"); + pendingReq.setRemoteRelayState(relayState); + // - memorize country code of target country pendingReq.setGenericDataToSession( RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index 557b83487..4e45d2f47 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import eu.eidas.auth.engine.EIDASSAMLEngine; +import eu.eidas.auth.engine.core.eidas.SPType; import eu.eidas.auth.engine.metadata.MetadataConfigParams; import eu.eidas.auth.engine.metadata.MetadataGenerator; import eu.eidas.engine.exceptions.SAMLEngineException; @@ -64,7 +65,7 @@ public class EidasMetaDataRequest implements IAction { logger.trace(metaData); - httpResp.setContentType(MediaType.TEXT_XML.getType()); + httpResp.setContentType(MediaType.APPLICATION_XML.getType()); httpResp.getWriter().print(metaData); httpResp.flushBuffer(); } catch (Exception e) { @@ -103,16 +104,15 @@ public class EidasMetaDataRequest implements IAction { MetadataConfigParams mcp=new MetadataConfigParams(); generator.setConfigParams(mcp); generator.initialize(engine); - mcp.setEntityID(metadata_url); - String returnUrl = sp_return_url; - mcp.setAssertionConsumerUrl(returnUrl); + mcp.setEntityID(metadata_url); + mcp.setSpType(SPType.DEFAULT_VALUE); + mcp.setAssertionConsumerUrl(sp_return_url); mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable generator.addSPRole(); generator.addIDPRole(); - metadata = generator.generateMetadata(); return metadata; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 4ab587159..d9663092f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -146,7 +146,9 @@ public class eIDASAuthenticationRequest implements IAction { VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); VelocityContext context = new VelocityContext(); - + + context.put("RelayState", eidasRequest.getRemoteRelayState()); + context.put("SAMLResponse", token); Logger.debug("SAMLResponse original: " + token); |