Diffstat (limited to 'id/server')
16 files changed, 319 insertions, 382 deletions
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css index 40e8eae7a..3fc7f934c 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css @@ -6,6 +6,7 @@ background-color : #fff; text-align: left; background-color: #E6E6E6; + font-family: Arial, Helvetica, sans-serif; } .browserInfoButton{ @@ -14,19 +15,18 @@ #page { display: block; - margin: 0 auto; + margin: auto; margin-top: 5%; position: relative; background: rgb(255,255,255); } #page1 { - padding-top: 1%; text-align: center; } #main { - float:left; + padding-top: 2%; width: 100%; text-align: center; } @@ -43,20 +43,24 @@ min-height: 155px; margin-bottom: 5%; } + #mandateLogin { + display:flex; + flex-direction: row; padding-bottom: 1%; padding-top: 2%; + margin-left: 1%; position: relative; - text-align: left; - } + font-size: 0.75em; + } .unvisible { - visibility: hidden; + display:none; } .OA_header { - /* background-color: white;*/ font-size: 2.1em; + padding-top:1%; margin-bottom: 1%; margin-top: 1%; } @@ -73,31 +77,35 @@ } #processSelectionArea { - width: 550px; - margin-left: 25px; - margin-top: 35px; + float:left; + width: 100%; } .processSelectionButtonArea { - float: none; - margin-bottom: 5%; - height: 35px; + width:100%; } .processSelectionButton { background: #ababab; cursor: pointer; - height: 40px; - width: 200px; + height: 40%; + width: 25%; float: right; + padding-top: 1%; + padding-bottom: 1% + } + + #bkuselectionarea { + display:flex; + flex-direction: row; + margin-top: 2%; + text-align:center; } .buttonDescription { - float: left; - margin-left: 10px; - padding-bottom: 0.4em; + width: 62%; + margin-left: 1%; text-align: left; - width: 60%; } #processContent { 
@@ -109,46 +117,29 @@ margin-right: 5px; } - #bkukarte { - float:left; - width:33%; - text-align:center; - margin-top: 2%; + .bkuimage { + width: 50%; } - #bkuhandy { - float:left; - width:33%; - text-align:center; - margin-top: 2%; + input { + cursor: pointer; } - #bkueulogin { - display:block; - float:left; - text-align:center; - width:33%; - margin-top: 2%; + #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ + font-size: 0.85em; + width:65%; + border:none; + background-color: transparent; } - .bkuimage { - width: 55%; - } + #localBKU input { + display: inline-block; - input { - width:auto; - cursor: pointer; - } - - #localBKU input { - display: inline-block; - - } - #localBKU input:hover, #localBKU input:focus, #localBKU input:active { - /*text-decoration: underline;*/ - } + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + /*text-decoration: underline;*/ + } #installJava, #BrowserNOK { clear:both; @@ -159,40 +150,26 @@ #ssoSessionTransferBlock { clear: both; - } + } #stork { clear: both; - } - - + } - .verticalcenter { - vertical-align: middle; - } - .mandate{ - float: left; - margin-left: 2%; font-size: 1.3em; } - #mandateLogin div { - clear: both; - margin-top: -1%; - position: relative; - top: 50%; - } #localBKU { padding-bottom: 4%; - /*padding-top: 4%;*/ position: relative; clear: both; text-align: center; } #selectArea { + float:left; width:90%; padding-left: 4% } @@ -204,6 +181,7 @@ width: 70px; height: 25px; } + #leftcontent { width: 70%; margin-bottom: 4%; @@ -211,6 +189,7 @@ border: 1px solid rgb(0,0,0); margin:auto; } + .hell { background-color : $MAIN_BACKGOUNDCOLOR; color: $MAIN_COLOR; @@ -221,12 +200,11 @@ color: $HEADER_COLOR; } - @media screen and (min-width: 650px) { #page { - width: 650px; - height: 460px; + width: 660px; + height: 460px; } #localBKU p { 
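Review bot: In the `@@ -109,46 +117,29 @@` hunk the new `#localBKU input {` rule is never closed — the old `}` after `display: inline-block;` is deleted and nothing replaces it — so, as far as the collapsed layout can be read, `#localBKU input:hover, …` and every rule after it are swallowed into that block and silently dropped or mis-nested by the parser. Add the brace back: `#localBKU input {` / `display: inline-block;` / `}`. The identical hunk appears in the second copy of this stylesheet under moa-id-frontend-resources/src/main/resources/templates/css_template.css (same blob ids 40e8eae7a..3fc7f934c) and needs the same fix; since the two files are byte-identical, generating one from the other at build time would keep them from drifting apart.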
@@ -235,27 +213,12 @@ #localBKU input{ font-size: 0.85em; - /*border-radius: 5px;*/ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ - font-size: 0.85em; - width:65% - } - - #mandateLogin { - font-size: 0.85em; - } - - #alert_area { - width: 500px; - padding-left: 80px; - } + } - #selectArea { + #selectArea { font-size: 15px; padding-bottom: 65px; - } + } #stork h2 { font-size: 1.0em; @@ -269,8 +232,7 @@ width: 100px; height: 30px } - - + #validation { position: absolute; bottom: 0px; @@ -280,7 +242,6 @@ } - @media screen and (max-width: 649px) { body { @@ -321,39 +282,27 @@ display: none; visibility: hidden; } - - + h2#tabheader{ font-size: 1.5em; position: relative; } + .mandate{ - font-size: 1.0em; + font-size: 1.2em; } #leftcontent { - float: left; width:auto; border:none; visibility:visible; margin-bottom: 2%; } + .bkuimage { width: 40%; } - - #bkukarte { - box-sizing: border-box; - } - - #bkuhandy { - box-sizing: border-box; - } - - #bkueulogin { - box-sizing: border-box; - } - + .setAssertionButton_full { background: #efefef; cursor: pointer; @@ -365,4 +314,32 @@ input[type=button],input[type=submit] { width:65%; } -}
\ No newline at end of file + + #processInfoArea { + margin-bottom: 4%; + margin-top: 4%; + } + + #processSelectionArea { + flaot:left; + width: 100%; + } + + .processSelectionButton { + flaot:left; + height: 10%; + width: 2%; + } + + .buttonDescription { + float: left; + width: 70%; + text-align: left; + } + + #processContent { + margin-top: 10%; + } + +} + diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html index 557f3d528..98656e962 100644 --- a/id/server/doc/handbook/additional/additional.html +++ b/id/server/doc/handbook/additional/additional.html 
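Review bot: The new `#processSelectionArea` and `.processSelectionButton` rules added inside the `max-width: 649px` media query use `flaot:left;`, which is not a CSS property and is discarded by browsers, so neither element floats on small screens. Change both lines to `float:left;`. The `width: 2%` on `.processSelectionButton` also looks like a typo next to the desktop rule's `width: 25%` and is worth confirming. The same lines are added in the duplicated template under moa-id-frontend-resources/src/main/resources/templates/css_template.css and need the same correction.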
@@ -386,52 +386,52 @@ <td width="1127" valign="top"><p>Identifizierungs- und Authentifizierungsprozess wurde beendet</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4002</p></td> + <td width="165" valign="top"><p align="center">4004</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Anmeldeprozess mit Online Vollmachten</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4003</p></td> + <td width="165" valign="top"><p align="center">4005</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Anmeldeprozess mit STORK</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4004</p></td> + <td width="165" valign="top"><p align="center">4006</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Anmeldeprozess mit Single Sign-On</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4005</p></td> + <td width="165" valign="top"><p align="center">4007</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Ungültige Single Sign-On Session</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4006</p></td> + <td width="165" valign="top"><p align="center">4008</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Benutzeranfrage für Single Sign-On Verwendung gestellt</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4007</p></td> + <td width="165" valign="top"><p align="center">4009</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Benutzerantwort für Single Sign-On Verwendung empfangen</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4008</p></td> + <td width="165" valign="top"><p align="center">4010</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" 
valign="top"><p>Anmeldeprozess über IDP Föderation</p></td> </tr> <tr> - <td width="165" valign="top"><p align="center">4009</p></td> + <td width="165" valign="top"><p align="center">4011</p></td> <td width="312" valign="top"><p align="left"> </p></td> <td width="1127" valign="top"><p>Gültige Response von föderiertem IDP erhalten</p></td> </tr> <tr> - <td height="30" valign="top">4010</td> + <td height="30" valign="top">4012</td> <td valign="top">EntityID des IDP</td> <td valign="top">Verwendeter IDP für föderierte Anmeldung</td> </tr> <tr> - <td width="165" valign="top"><p align="center">4011</p></td> + <td width="165" valign="top"><p align="center">4013</p></td> <td width="312" valign="top"><p align="left">Service Identifikator</p></td> <td width="1127" valign="top"><p>Eindeutiger Identifikator der/des Online-Applikation/Service an der/dem die Anmeldung erfolgt</p></td> </tr> diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 116e9a078..864337862 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html 
@@ -635,20 +635,6 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> <p> </p> <h5><a name="basisconfig_moa_id_auth_param_database" id="uebersicht_bekanntmachung3"></a>2.2.2.4 Datenbank </h5> <p>Das Modul MOA-ID-Auth benötigt für den Betrieb zwei (optional drei) separate Datenbank Schema, welche in der Basiskonfiguration konfiguriert werden. Für Beispielkonfiguration wurde mySQL als Datenbank verwendet wodurch sich die Konfigurationsparameter auf mySQL beziehen. Das Modul MOA-ID-Auth kann jedoch auch mit Datenbanken anderer Hersteller oder einer InMemory Datenbank betrieben werden. Hierfür wird jedoch auf die <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> verwiesen. </p> -<table class="configtable"> - <tr> - <th width="21%">Name</th> - <th width="11%">Beispielwert</th> - <th width="68%">Beschreibung</th> - </tr> - <tr> - <td>configuration.database.byteBasedValues</td> - <td><p>true / false</p></td> - <td><p>Definiert ob Konfigurationswerte als Text oder als Bytes in der Datenbank abgelegt werden. <br> - <strong>Hinweis:</strong> Testbasierte Speicherung kann bei manchen Datenbanksystemen zur problemen führen (z.B. postgreSQL)</p> - <p><strong>Defaultwert:</strong> false</p></td> - </tr> -</table> <p> </p> <h6><a name="basisconfig_moa_id_auth_param_database_conf" id="uebersicht_bekanntmachung12"></a>2.2.2.4.1 Konfiguration</h6> <p>Alle Parameter aus der Basiskonfiguration welche als Prefix <em>configuration.hibernate</em>. im Parameternamen aufweisen konfigurieren den Zugriff auf das Datenbank Schema welches die Konfiguration von MOA-ID-Auth beinhaltet. Eine Konfiguration dieser Parameter ist nicht optional.</p> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index 05d344fb6..d654eb359 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.advancedlogging; import at.gv.egiz.components.eventlog.api.EventConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; /** * @author tlenz 
@@ -51,18 +52,23 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_SLO_NOT_ALL_VALID = 4403; //authentication process information - public static final int AUTHPROCESS_START = 4000; - public static final int AUTHPROCESS_FINISHED = 4001; - public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002; - public static final int AUTHPROCESS_STORK_REQUESTED = 4003; - public static final int AUTHPROCESS_SSO = 4004; - public static final int AUTHPROCESS_SSO_INVALID = 4005; - public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006; - public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007; - public static final int AUTHPROCESS_INTERFEDERATION = 4008; - public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009; - public static final int AUTHPROCESS_INTERFEDERATION_IDP = 4010; - public static final int AUTHPROCESS_SERVICEPROVIDER = 4011; + public static final int AUTHPROCESS_START = IAuthenticationManager.EVENT_AUTHENTICATION_PROCESS_STARTED; + public static final int AUTHPROCESS_FINISHED = IAuthenticationManager.EVENT_AUTHENTICATION_PROCESS_STARTED; + + //reservated + //IAuthenticationManager.EVENT_AUTHENTICATION_PROCESS_ERROR; + //IAuthenticationManager.EVENT_AUTHENTICATION_PROCESS_FOR_SP; + + public static final int AUTHPROCESS_MANDATES_REQUESTED = 4004; + public static final int AUTHPROCESS_STORK_REQUESTED = 4005; + public static final int AUTHPROCESS_SSO = 4006; + public static final int AUTHPROCESS_SSO_INVALID = 4007; + public static final int AUTHPROCESS_SSO_ASK_USER_START = 4008; + public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4009; + public static final int AUTHPROCESS_INTERFEDERATION = 4010; + public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4011; + public static final int AUTHPROCESS_INTERFEDERATION_IDP = 4012; + public static final int AUTHPROCESS_SERVICEPROVIDER = 4013; public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110; public static final int 
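Review bot: `AUTHPROCESS_FINISHED` is assigned `IAuthenticationManager.EVENT_AUTHENTICATION_PROCESS_STARTED`, the same value as `AUTHPROCESS_START`, so a completed authentication is recorded under the start event code and the two can no longer be distinguished in the statistic/event log — anything that audits or monitors on the finished event (previously 4001) goes blind. It should reference the finished-process constant of `IAuthenticationManager` (presumably `EVENT_AUTHENTICATION_PROCESS_FINISHED`; confirm the name against the EAAF interface), e.g. `public static final int AUTHPROCESS_FINISHED = IAuthenticationManager.EVENT_AUTHENTICATION_PROCESS_FINISHED;`. The comment `//reservated` should read `//reserved`, and the handbook hunk in additional/additional.html that renumbers 4002–4011 to 4004–4013 does not document the two reserved error/for-SP codes that now occupy 4002/4003.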
AUTHPROCESS_BKUTYPE_SELECTED = 4111; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index f642cddc7..25235a8fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -26,7 +26,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.util.Date; -import java.util.List; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; @@ -95,12 +94,11 @@ public class StatisticLogger implements IStatisticLogger{ @Override - //TODO: update tests!!!! public void internalTesting() throws Exception { - Date expioredate = new Date(new Date().getTime() - 120); - Query query = entityManager.createNamedQuery("getAllEntriesNotBeforeTimeStamp"); - query.setParameter("timeout", expioredate); - List<StatisticLog> result = query.getResultList(); + long testId = 1; + Query query = entityManager.createNamedQuery("getTestEntity"); + query.setParameter("testid", testId); + query.getResultList(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 2c14af463..3e6308bf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
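Review bot: `internalTesting()` discards the result of `getTestEntity`, so the method now only proves that the named query compiles and the datasource answers; a comment saying so would stop the next reader from "fixing" the unused result, e.g. `// Connectivity probe only: the result set is intentionally ignored.` The parameter `testId` is a `long`; whether that matches the `id` column type of `StatisticLog` is outside this hunk and worth checking, since a type mismatch would fail the probe on every run rather than only when the database is down. The `//TODO: update tests!!!!` marker is removed, but no test file is touched in this commit.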
@@ -117,9 +117,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey()); - } catch (Exception e) { - Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e); - + } catch (Exception e) { + if (Logger.isDebugEnabled()) + Logger.warn("Can NOT load foreign bPK encryption certificate for sector: " + el.getKey(), e); + else + Logger.info("Can NOT load foreign bPK encryption certificate for sector: " + el.getKey()); + } } @@ -134,7 +137,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) { Logger.warn("Can not build authentication data from session information"); - throw new EAAFAuthenticationException("builder.11", new Object[]{}, e); + throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java index b42a1de28..19f865325 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java 
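Review bot: The rewritten `catch` block logs a failed load of a foreign bPK encryption certificate at `info` unless debug logging is enabled, so in a normal production log a sector whose certificate is missing or corrupt no longer shows up as a warning, although the consequence is that `encKeyMap` has no entry for that sector (what callers do with the absent entry is outside this hunk). Keep the severity and vary only the detail: `Logger.warn("Can NOT load foreign bPK encryption certificate for sector: " + el.getKey() + " (Reason: " + e.getMessage() + ")");` with the stack trace logged additionally at debug. The `if`/`else` branches are also unbraced, which makes the next edit to this block error-prone.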
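Review bot: `new Object[]{e.getMessage()}` now feeds the raw exception message of the wrapped `ConfigurationException`/`BuildException`/`EAAFBuilderException` into the `builder.11` message parameters; if that message is rendered to the end user or returned in a protocol response, internal details such as class names or configuration paths would be exposed. If `builder.11` is user-facing, keep the parameter generic (or an error id) and rely on the cause that is already attached for the server log; if it is log-only, a short comment saying so would settle the question. Whether the message leaves the server is not visible in this hunk.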
@@ -67,7 +67,7 @@ public class AuthnRequestValidator implements IAuthnRequestValidator { if(useMandate.equals("true") && attributeConsumer != null) { if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException(); - throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), e.getMessage(), pendingReq, e); + throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), pendingReq, e); } } } diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 6f32926e0..26fd1f986 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -84,13 +84,7 @@ <bean id="MOASAML2SubjectNameIDGenerator" class="at.gv.egovernment.moa.id.auth.builder.MOAIDSubjectNameIdGenerator" /> - -<!-- <bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor"> - <property name="corePoolSize" value="5" /> - <property name="maxPoolSize" value="10" /> - <property name="queueCapacity" value="25" /> - </bean> --> - + <!-- Authentication Process Tasks --> <bean id="GenerateBKUSelectionFrameTask" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateBKUSelectionFrameTask" @@ -119,7 +113,7 @@ <beans profile="advancedLogOff"> <bean id="StatisticLogger" - class="at.gv.egovernment.moa.id.advancedlogging.DummyStatisticLogger"/> + class="at.gv.egiz.eaaf.core.impl.logging.DummyStatisticLogger"/> </beans> </beans> diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 66b9be341..3b636aaee 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties 
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -54,6 +54,9 @@ auth.33=Federated authentication FAILED. Configuration of IDP {0} does not allow auth.34=Federated authentication FAILED. Configuration of IDP {0} is marked as BusinessService-IDP, but Public-Service attributes are requested.
auth.35=Der Anmeldevorgang wurde automatisiert abgebrochen, da der Benutzer nicht für dieses Onlineapplikation berechtigt ist.
auth.36=Der Anmeldevorgang wurde automatisiert abgebrochen, da der gew\u00E4hlte Authentifizierungsprozess nicht mehr zur Verf\u00FCgung steht. (Msg:{0})
+auth.37=Requested bPK-Target: {0} does not match allowed targets for service provider: {1}
+auth.38=Passive authentication was requested but user as no active session
+
init.00=MOA-ID-Auth wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
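Review bot: `auth.38` reads `user as no active session`; it should be `auth.38=Passive authentication was requested but user has no active session`. The new `auth.37`/`auth.38` entries, like `internal.02`–`internal.04`, `config.30` and `pvp2.26`–`pvp2.28` in the later hunks of this file, are English strings in the German bundle `id_messages_de.properties`, unlike their neighbours; if a default or English bundle exists they belong there, otherwise a German translation keeps the bundle consistent for users who see these texts.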
@@ -62,6 +65,9 @@ init.04=Fehler beim Datenbankzugriff mit der SessionID {0} internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde.
+internal.02=Internal error. Can not access data cache.
+internal.03=Internal error. Can not initialize a cryptographic method.
+internal.04=Internal error. Can not access data cache (Reason: {0}).
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
@@ -81,7 +87,7 @@ config.14=LoginParameterResolver-Fehler: {0} config.15=Das Personenbindungs-Trust-Profil (TrustProfileID \= {0}) darf nicht f\u00FCr die Verifikation anderer Infoboxen verwendet werden.
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
config.17=Fehler beim initialisieren von Hibernate
-config.18=Keine MOA-ID 2.x Konfiguration gefunden.
+config.18=Keine MOA-ID 2.x Konfiguration unter {0} gefunden.
config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
@@ -93,6 +99,7 @@ config.26=Federated IDP {0} contains no AttributeQuery URL. config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0}
config.28=Fehler beim initialisieren des SSL-TrustManagers. Zertifikat {0} kann nicht geladen werden; Ursache: {1}
config.29=Fehler beim initialisieren des SSL-TrustManagers. TrustStore: {0} | Ursache: {1}
+config.30=External configuration not found. File: {0}
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -307,6 +314,9 @@ pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}). pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
pvp2.24=Der Request konnte nicht verarbeitet werden (Fehler\={0}).
pvp2.25=Fehler beim Validieren der PVP2 Metadaten
+pvp2.26=SAML2 metadata validation failed. Reason: {0}
+pvp2.27=General error during SAML2 metadata generation
+pvp2.28=Validation of SAML2 Authn. request failed. Reason: AssertionConsumerServiceIndex {0} is not valid.
##add status codes!!!!
@@ -343,8 +353,8 @@ slo.03=Der Single LogOut Prozess konnte nicht weitergef\u00FChrt oder abgeschlos process.01=Fehler beim Ausf\u00FChren des Prozesses.
process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
-process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0}
-process.03=Fehler beim Ausf\u00FChren des Prozesses. Interner state ung\u00FCltig.
+process.03=Fehler beim Weiterf\u00FChren des Prozesses. Msg:{0}
+process.04=Fehler beim Ausf\u00FChren des Prozesses. Interner state ung\u00FCltig.
sl20.00=Allgemeiner Fehler w\u00e4hrend SL2.0 Authentifizierung. Msg: {0}
sl20.01=Fehler beim Generieren des SL2.0 Kommandos. Msg: {0}
diff --git a/id/server/idserverlib/src/main/resources/session.common.beans.xml b/id/server/idserverlib/src/main/resources/session.common.beans.xml index bd3db0a5e..2591879cd 100644 --- a/id/server/idserverlib/src/main/resources/session.common.beans.xml +++ b/id/server/idserverlib/src/main/resources/session.common.beans.xml @@ -33,22 +33,7 @@ <property name="validationQuery" value="${moasession.dbcp.validationQuery}" /> </bean> -<!-- <bean id="sessionSessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean"> - <property name="dataSource" ref="sessionDataSource"/> - <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.session" /> - <property name="hibernateProperties"> - <props> - <prop key="hibernate.dialect">${moasession.hibernate.dialect}</prop> - <prop key="hibernate.show_sql">${moasession.hibernate.show_sql}</prop> - <prop key="hibernate.hbm2ddl.auto">${moasession.hibernate.hbm2ddl.auto}</prop> - <prop key="current_session_context_class">${moasession.hibernate.current_session_context_class}</prop> - <prop key="hibernate.transaction.flush_before_completion">${moasession.hibernate.transaction.flush_before_completion}</prop> - <prop key="hibernate.transaction.auto_close_session">${moasession.hibernate.transaction.auto_close_session}</prop> - </props> - </property> - </bean> --> - - <!-- MYSQL Conector --> + <!-- MYSQL Connector --> <tx:annotation-driven transaction-manager="sessionTransactionManager"/> <bean id="sessionJpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> @@ -68,6 +53,4 @@ <property name="entityManagerFactory" ref="session" /> </bean> - <!-- bean id="moaSessionDBUtils" class="at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils"/--> - </beans>
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java index ba48f8caf..d98444c87 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java @@ -34,15 +34,13 @@ import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.Table; -import org.hibernate.annotations.DynamicUpdate; - @Entity //@DynamicUpdate(value=true) @Table(name = "statisticlog") @NamedQueries({ - @NamedQuery(name="getAllEntriesNotBeforeTimeStamp", query = "select statisiclog from StatisticLog statisiclog where statisiclog.timestamp > :timeout") + @NamedQuery(name="getTestEntity", query = "select statisiclog from StatisticLog statisiclog where statisiclog.id = :testid") }) public class StatisticLog implements Serializable{ diff --git a/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml b/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml index 9b00ff3cd..96808f2c5 100644 --- a/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/statistic.logging.beans.xml 
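Review bot: The `org.hibernate.annotations.DynamicUpdate` import is removed but the commented-out `//@DynamicUpdate(value=true)` line above `@Table` stays; delete it as well, since commented-out code with no import behind it only misleads. The renamed query `getTestEntity` keeps the misspelt alias `statisiclog`; while the line is being touched, `select statisticlog from StatisticLog statisticlog where statisticlog.id = :testid` reads better and behaves identically.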
@@ -32,26 +32,7 @@ <property name="testWhileIdle" value="${advancedlogging.dbcp.testWhileIdle}" /> <property name="validationQuery" value="${advancedlogging.dbcp.validationQuery}" /> </bean> - -<!-- <bean id="statisticLogSessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean"> - <property name="dataSource" ref="statisticLogDataSource"/> - <property name="packagesToScan" value="at.gv.egovernment.moa.id.commons.db.dao.statistic" /> - <property name="hibernateProperties"> - - <props> - <prop key="hibernate.dialect">${advancedlogging.hibernate.dialect}</prop> - <prop key="hibernate.show_sql">${advancedlogging.hibernate.show_sql}</prop> - <prop key="hibernate.hbm2ddl.auto">${advancedlogging.hibernate.hbm2ddl.auto}</prop> - <prop key="current_session_context_class">${advancedlogging.hibernate.current_session_context_class}</prop> - <prop key="hibernate.transaction.flush_before_completion">${advancedlogging.hibernate.transaction.flush_before_completion}</prop> - <prop key="hibernate.transaction.auto_close_session">${advancedlogging.hibernate.transaction.auto_close_session}</prop> - </props> - </property> - </bean> --> - - - <!-- bean id="statisticLogDBUtils" class="at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils"/--> - + <bean name="statisticLogTransactionManager" id="statisticLogTransactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"> <property name="entityManagerFactory" ref="statistic" /> </bean> diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java index 248bde700..8e4e7e5b3 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java 
@@ -62,7 +62,7 @@ public class FormBuildUtils { defaultmap.put(PARAM_MAIN_BACKGROUNDCOLOR, "#F7F8F7"); defaultmap.put(PARAM_MAIN_COLOR, "#000000"); - defaultmap.put(PARAM_HEADER_BACKGROUNDCOLOR, "#C3D2E2"); + defaultmap.put(PARAM_HEADER_BACKGROUNDCOLOR, "#F7F8F7"); defaultmap.put(PARAM_HEADER_COLOR, "#000000"); defaultmap.put(PARAM_HEADER_TEXT, "Login"); @@ -70,7 +70,7 @@ public class FormBuildUtils { defaultmap.put(PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, "#EBEBEB"); defaultmap.put(PARAM_BUTTON_COLOR, "#000000"); - defaultmap.put(PARAM_FONTFAMILY, "Verdana,Geneva,Arial,sans-serif"); + defaultmap.put(PARAM_FONTFAMILY, "Arial,Helvetica,sans-serif"); defaultmap.put(PARAM_REDIRECTTARGET, "_top"); } diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png Binary files differindex 6c785bf06..7d8b10c37 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png +++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css index 40e8eae7a..3fc7f934c 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css @@ -6,6 +6,7 @@ background-color : #fff; text-align: left; background-color: #E6E6E6; + font-family: Arial, Helvetica, sans-serif; } .browserInfoButton{ @@ -14,19 +15,18 @@ #page { display: block; - margin: 0 auto; + margin: auto; margin-top: 5%; position: relative; background: rgb(255,255,255); } #page1 { - padding-top: 1%; text-align: center; } #main { - float:left; + padding-top: 2%; width: 100%; text-align: center; } 
@@ -43,20 +43,24 @@ min-height: 155px; margin-bottom: 5%; } + #mandateLogin { + display:flex; + flex-direction: row; padding-bottom: 1%; padding-top: 2%; + margin-left: 1%; position: relative; - text-align: left; - } + font-size: 0.75em; + } .unvisible { - visibility: hidden; + display:none; } .OA_header { - /* background-color: white;*/ font-size: 2.1em; + padding-top:1%; margin-bottom: 1%; margin-top: 1%; } @@ -73,31 +77,35 @@ } #processSelectionArea { - width: 550px; - margin-left: 25px; - margin-top: 35px; + float:left; + width: 100%; } .processSelectionButtonArea { - float: none; - margin-bottom: 5%; - height: 35px; + width:100%; } .processSelectionButton { background: #ababab; cursor: pointer; - height: 40px; - width: 200px; + height: 40%; + width: 25%; float: right; + padding-top: 1%; + padding-bottom: 1% + } + + #bkuselectionarea { + display:flex; + flex-direction: row; + margin-top: 2%; + text-align:center; } .buttonDescription { - float: left; - margin-left: 10px; - padding-bottom: 0.4em; + width: 62%; + margin-left: 1%; text-align: left; - width: 60%; } #processContent { 
@@ -109,46 +117,29 @@ margin-right: 5px; } - #bkukarte { - float:left; - width:33%; - text-align:center; - margin-top: 2%; + .bkuimage { + width: 50%; } - #bkuhandy { - float:left; - width:33%; - text-align:center; - margin-top: 2%; + input { + cursor: pointer; } - #bkueulogin { - display:block; - float:left; - text-align:center; - width:33%; - margin-top: 2%; + #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ + font-size: 0.85em; + width:65%; + border:none; + background-color: transparent; } - .bkuimage { - width: 55%; - } + #localBKU input { + display: inline-block; - input { - width:auto; - cursor: pointer; - } - - #localBKU input { - display: inline-block; - - } - #localBKU input:hover, #localBKU input:focus, #localBKU input:active { - /*text-decoration: underline;*/ - } + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + /*text-decoration: underline;*/ + } #installJava, #BrowserNOK { clear:both; @@ -159,40 +150,26 @@ #ssoSessionTransferBlock { clear: both; - } + } #stork { clear: both; - } - - + } - .verticalcenter { - vertical-align: middle; - } - .mandate{ - float: left; - margin-left: 2%; font-size: 1.3em; } - #mandateLogin div { - clear: both; - margin-top: -1%; - position: relative; - top: 50%; - } #localBKU { padding-bottom: 4%; - /*padding-top: 4%;*/ position: relative; clear: both; text-align: center; } #selectArea { + float:left; width:90%; padding-left: 4% } @@ -204,6 +181,7 @@ width: 70px; height: 25px; } + #leftcontent { width: 70%; margin-bottom: 4%; @@ -211,6 +189,7 @@ border: 1px solid rgb(0,0,0); margin:auto; } + .hell { background-color : $MAIN_BACKGOUNDCOLOR; color: $MAIN_COLOR; @@ -221,12 +200,11 @@ color: $HEADER_COLOR; } - @media screen and (min-width: 650px) { #page { - width: 650px; - height: 460px; + width: 660px; + height: 460px; } #localBKU p { 
@@ -235,27 +213,12 @@ #localBKU input{ font-size: 0.85em; - /*border-radius: 5px;*/ - } - - #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{ - font-size: 0.85em; - width:65% - } - - #mandateLogin { - font-size: 0.85em; - } - - #alert_area { - width: 500px; - padding-left: 80px; - } + } - #selectArea { + #selectArea { font-size: 15px; padding-bottom: 65px; - } + } #stork h2 { font-size: 1.0em; @@ -269,8 +232,7 @@ width: 100px; height: 30px } - - + #validation { position: absolute; bottom: 0px; @@ -280,7 +242,6 @@ } - @media screen and (max-width: 649px) { body { @@ -321,39 +282,27 @@ display: none; visibility: hidden; } - - + h2#tabheader{ font-size: 1.5em; position: relative; } + .mandate{ - font-size: 1.0em; + font-size: 1.2em; } #leftcontent { - float: left; width:auto; border:none; visibility:visible; margin-bottom: 2%; } + .bkuimage { width: 40%; } - - #bkukarte { - box-sizing: border-box; - } - - #bkuhandy { - box-sizing: border-box; - } - - #bkueulogin { - box-sizing: border-box; - } - + .setAssertionButton_full { background: #efefef; cursor: pointer; @@ -365,4 +314,32 @@ input[type=button],input[type=submit] { width:65%; } -}
\ No newline at end of file + + #processInfoArea { + margin-bottom: 4%; + margin-top: 4%; + } + + #processSelectionArea { + flaot:left; + width: 100%; + } + + .processSelectionButton { + flaot:left; + height: 10%; + width: 2%; + } + + .buttonDescription { + float: left; + width: 70%; + text-align: left; + } + + #processContent { + margin-top: 10%; + } + +} + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 42783468d..a02f86376 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java 
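Review bot: `flaot:left;` in the new `#processSelectionArea` and `.processSelectionButton` rules inside the `max-width: 649px` media query is a typo for `float:left;`; browsers drop the unknown declaration silently, so the narrow-screen layout will never get the float the author intended. Change both occurrences to `float:left;`. The same new `.processSelectionButton` rule also sets `width: 2%`, which looks far too small for a tappable button on a narrow screen and differs from the global rule's `width: 25%` earlier in this file; confirm that value is intended rather than, say, `20%`. The media-query block these rules belong to is closed by the final `}` of this hunk.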
@@ -61,71 +61,75 @@ public class JsonSecurityUtils implements IJOSETools{ protected void initalize() { Logger.info("Initialize SL2.0 authentication security constrains ... "); try { - KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), - getKeyStorePassword()); - - //load signing key - signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); - Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); - signCertChain = new X509Certificate[certChainSigning.length]; - for (int i=0; i<certChainSigning.length; i++) { - if (certChainSigning[i] instanceof X509Certificate) { - signCertChain[i] = (X509Certificate)certChainSigning[i]; - } else - Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType()); + if (getKeyStoreFilePath() != null) { + KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); - } - - //load encryption key - try { - encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); - if (encPrivKey != null) { - Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); - encCertChain = new X509Certificate[certChainEncryption.length]; - for (int i=0; i<certChainEncryption.length; i++) { - if (certChainEncryption[i] instanceof X509Certificate) { - encCertChain[i] = (X509Certificate)certChainEncryption[i]; - } else - Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType()); - } - } else - Logger.info("No encryption key for SL2.0 found. 
End-to-End encryption is not used."); + //load signing key + signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); + Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); + signCertChain = new X509Certificate[certChainSigning.length]; + for (int i=0; i<certChainSigning.length; i++) { + if (certChainSigning[i] instanceof X509Certificate) { + signCertChain[i] = (X509Certificate)certChainSigning[i]; + } else + Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType()); + + } - } catch (Exception e) { - Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e); - - } + //load encryption key + try { + encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + if (encPrivKey != null) { + Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); + encCertChain = new X509Certificate[certChainEncryption.length]; + for (int i=0; i<certChainEncryption.length; i++) { + if (certChainEncryption[i] instanceof X509Certificate) { + encCertChain[i] = (X509Certificate)certChainEncryption[i]; + } else + Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType()); + } + } else + Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used."); + + } catch (Exception e) { + Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. 
Reason: " + e.getMessage(), e); - //load trusted certificates - Enumeration<String> aliases = keyStore.aliases(); - while(aliases.hasMoreElements()) { - String el = aliases.nextElement(); - Logger.trace("Process TrustStoreEntry: " + el); - if (keyStore.isCertificateEntry(el)) { - Certificate cert = keyStore.getCertificate(el); - if (cert != null && cert instanceof X509Certificate) - trustedCerts.add((X509Certificate) cert); - else - Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + } + + //load trusted certificates + Enumeration<String> aliases = keyStore.aliases(); + while(aliases.hasMoreElements()) { + String el = aliases.nextElement(); + Logger.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) + trustedCerts.add((X509Certificate) cert); + else + Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + + } + } + + //some short validation + if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { + Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"}); } - } - - //some short validation - if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { - Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"}); - } - - if (signCertChain == null || signCertChain.length == 0) { - Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); - throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"}); + if (signCertChain == null || signCertChain.length == 0) { + Logger.info("NO certificate for SL2.0 signing. 
KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"}); + + } - } - - Logger.info("SL2.0 authentication security constrains initialized."); - + Logger.info("SL2.0 authentication security constrains initialized."); + + } else + Logger.info("NO SL2.0 authentication security configuration. Initialization was skipped"); + } catch ( Exception e) { Logger.error("SL2.0 security constrains initialization FAILED.", e); @@ -332,28 +336,48 @@ public class JsonSecurityUtils implements IJOSETools{ } private String getKeyStorePassword() { - return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD); + if (value != null) + value = value.trim(); + + return value; } private String getSigningKeyAlias() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + if (value != null) + value = value.trim(); + + return value; } private String getSigningKeyPassword() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + if (value != null) + value = value.trim(); + + return value; } private String getEncryptionKeyAlias() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + if (value != null) + value = value.trim(); + + return value; } private String getEncryptionKeyPassword() { - return authConfig.getBasicConfiguration( + String value = authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); + if (value != null) + value = value.trim(); + + return value; } } |
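Review bot: The new `else` branch turns a missing keystore path into an INFO log and returns with `signPrivKey`, `signCertChain`, `encPrivKey` and `trustedCerts` left unset, and nothing in the hunk records that SL2.0 signing and verification are unavailable; whether the outer `catch` rethrows, and how the sign/verify callers react to a null key, is outside this hunk. Unless every caller already fails closed on a null key, an explicit state is safer, e.g. a `private boolean initialized` field set to `true` only after the `"SL2.0 authentication security constrains initialized."` log and checked by the signing and verification entry points. `getKeyStorePassword()` may now return null, and the new code passes that straight into `KeyStoreUtils.loadKeyStore(...)`; depending on that helper, a null password can mean the keystore integrity check is skipped, so a missing password is better rejected than silently accepted: `if (getKeyStorePassword() == null) throw new SL20Exception("sl20.03", new Object[]{"No keystore password configured for SL2.0"});`. The tail of `initalize()` after the generic `catch` lies outside the hunk.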
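Review bot: The null guard added to `getSigningKeyAlias()`, `getSigningKeyPassword()`, `getEncryptionKeyAlias()` and `getEncryptionKeyPassword()` is dead code: each still calls `.trim()` directly on the result of `authConfig.getBasicConfiguration(...)` on the unchanged context line before the new `if (value != null)` check, so an unset property throws a NullPointerException before the check runs; only `getKeyStorePassword()` actually received the fix. Drop the trailing `.trim()` from the four assignments, e.g. `String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS);`, leaving the guarded `value.trim()` below it. Because `initalize()` in the previous hunk dereferences `getSigningKeyPassword().toCharArray()` without its own null check, a missing signing-key password would still surface as an NPE inside the generic `catch` rather than as the descriptive `sl20.03` error; a Javadoc line on each getter such as `/** @return the trimmed property value, or null when the property is not configured; callers must handle null. */` would make that contract visible.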