aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java32
1 files changed, 17 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 762d9af2c..bc3b30334 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -288,15 +288,16 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
+ samlSpecialText = samlSpecialText.replaceAll("'", "'");
- String text = "";
- try {
+ String text = "";
+ try {
OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))
Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
- }
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ }
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
@@ -516,22 +517,23 @@ public class CreateXMLSignatureResponseValidator {
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
+ samlSpecialText = samlSpecialText.replaceAll("'", "'");
- String text = "";
- try {
- if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
+ String text = "";
+ try {
+ if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))
Logger.info("Use addional AuthBlock Text from SSO=" +text);
else
text = new String();
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
- }
+ } catch (ConfigurationException e) {
+ Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e);
+ }
- String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
- if (!samlSpecialText.equals(specialText)) {
- throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
- }
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, identityLink.getName(), identityLink.getDateOfBirth(), identityLink.getIssueInstant());
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
} else {
throw new ValidateException("validator.35", null);
}