diff options
Diffstat (limited to 'id/server')
6 files changed, 84 insertions, 75 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 4b3995105..3d38efa9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; +import iaik.util.logging.Log; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -250,16 +251,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { String infoboxReadRequest = ""; + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + if (session.isSsoRequested()) { //load identityLink with SSO Target boolean isbuisness = false; - String domainIdentifier = ""; - IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService(); - if (ssobusiness != null) { + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = false; + + } else { isbuisness = true; - domainIdentifier = ssobusiness.getValue(); + } - + //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( isbuisness, domainIdentifier); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index f555cfb9a..060dc2248 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -104,6 +104,8 @@ public interface MOAIDAuthConstants { // /** the number of the certifcate extension for party organ representatives */ // public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; + /** OW */ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 3432a19b1..dc5ec430e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -136,27 +136,6 @@ public class ConfigurationProvider { } /** - * Returns the mapping of generic configuration properties. - * - * @return The mapping of generic configuration properties (a name to value - * mapping) from the configuration. - */ - public Map<String, String> getGenericConfiguration() { - return genericConfiguration; - } - - /** - * Returns the value of a parameter from the generic configuration section. - * - * @return the parameter value; <code>null</code> if no such parameter - */ - public String getGenericConfigurationParameter(String parameter) { - if (! genericConfiguration.containsKey(parameter)) - return null; - return (String)genericConfiguration.get(parameter); - } - - /** * Return the chaining mode for a given trust anchor. * * @param trustAnchor The trust anchor for which the chaining mode should be diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 1804b5fd5..304b63de0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -519,6 +519,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { if (protocols.getSAML1() != null) { allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + + //load alternative sourceID + if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) + alternativesourceid = protocols.getSAML1().getSourceID(); + } if (protocols.getOAuth() != null) { @@ -562,8 +567,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } //set alternativeSourceID - if (auth.getGeneralConfiguration() != null) - alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); + if (auth.getGeneralConfiguration() != null) + + //TODO: can be removed in a further version, because it is moved to SAML1 config + if (MiscUtil.isEmpty(alternativesourceid)) + alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); // sets the authentication session and authentication data time outs BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated(); @@ -744,7 +752,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } public ProtocolAllowed getAllowedProtocols() { - return this.allowedProtcols; + return allowedProtcols; } public PVP2 getGeneralPVP2DBConfig() { @@ -895,27 +903,27 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } } - public boolean isSSOBusinessService() throws ConfigurationException { - - if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) - return true; - else - return false; - } +// public boolean isSSOBusinessService() throws ConfigurationException { +// +// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) +// return true; +// else +// return false; +// } - public IdentificationNumber getSSOBusinessService() throws ConfigurationException { + public String getSSOTagetIdentifier() throws ConfigurationException { if (ssoconfig != null) - return ssoconfig.getIdentificationNumber(); + return ssoconfig.getTarget(); else return null; } - public String getSSOTarget() throws ConfigurationException { - if (ssoconfig!= null) - return ssoconfig.getTarget(); - - return null; - } +// public String getSSOTarget() throws ConfigurationException { +// if (ssoconfig!= null) +// return ssoconfig.getTarget(); +// +// return null; +// } public String getSSOFriendlyName() { if (ssoconfig!= null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index f515ea6bd..7ecd7dde8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -58,11 +58,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; @@ -141,11 +143,7 @@ public class BuildFromLegacyConfig { //Load generic Config Map<String, String> genericConfiguration = builder.buildGenericConfiguration(); GeneralConfiguration authGeneral = new GeneralConfiguration(); - - if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) - authGeneral.setAlternativeSourceID( - (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); - + if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) authGeneral.setTrustManagerRevocationChecking( Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))); @@ -179,6 +177,19 @@ public class BuildFromLegacyConfig { final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); + //set SAML1 config + SAML1 saml1 = new SAML1(); + saml1.setIsActive(true); + if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) + saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); + auth_protocols.setSAML1(saml1); + + //set OAuth config + OAuth oauth = new OAuth(); + oauth.setIsActive(true); + auth_protocols.setOAuth(oauth); + + //set PVP2.1 config PVP2 prot_pvp2 = new PVP2(); auth_protocols.setPVP2(prot_pvp2); prot_pvp2.setPublicURLPrefix("https://...."); @@ -188,7 +199,7 @@ public class BuildFromLegacyConfig { prot_pvp2.setOrganization(pvp2_org); pvp2_org.setDisplayName("OrganisationDisplayName"); pvp2_org.setName("OrganisatioName"); - pvp2_org.setURL("http://www.egiz.gv.at"); + pvp2_org.setURL("http://testorganisation.at"); List<Contact> pvp2_contacts = new ArrayList<Contact>(); prot_pvp2.setContact(pvp2_contacts); @@ -357,7 +368,6 @@ public class BuildFromLegacyConfig { // oa_auth.setUseIFrame(false); // oa_auth.setUseUTC(oa.getUseUTC()); - //BKUURLs BKUURLS bkuurls = new BKUURLS(); bkuurls.setOnlineBKU(oldbkuonline); diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 33ad5c990..7944a7321 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -79,8 +79,8 @@ </xsd:simpleType> <xsd:complexType name="StorkAttribute"> <xsd:sequence> - <xsd:element name="name" type="xsd:string"></xsd:element> - <xsd:element name="mandatory" type="xsd:boolean"></xsd:element> + <xsd:element name="name" type="xsd:string"/> + <xsd:element name="mandatory" type="xsd:boolean"/> </xsd:sequence> </xsd:complexType> <xsd:simpleType name="LoginType"> @@ -281,6 +281,9 @@ <xsd:sequence> <xsd:element name="SAML1" minOccurs="0"> <xsd:complexType> + <xsd:sequence> + <xsd:element name="SourceID" type="xsd:string" minOccurs="0" maxOccurs="1"/> + </xsd:sequence> <xsd:attribute name="isActive" type="xsd:boolean" default="false"/> </xsd:complexType> </xsd:element> @@ -860,10 +863,10 @@ <xsd:element ref="SAMLSigningParameter"/> </xsd:sequence> <xsd:sequence> - <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0" /> + <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0"/> </xsd:sequence> <xsd:sequence> - <xsd:element ref="Attributes" maxOccurs="unbounded" minOccurs="0" /> + <xsd:element ref="Attributes" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> </xsd:choice> </xsd:complexType> @@ -926,15 +929,14 @@ </xsd:sequence> </xsd:complexType> </xsd:element> - <xsd:element name="OA_STORK"> - <xsd:complexType> + <xsd:element name="OA_STORK"> + <xsd:complexType> <xsd:sequence> - <xsd:element name="StorkLogonEnabled" - type="xsd:boolean" /> - <xsd:element ref="Qaa" maxOccurs="1" minOccurs="0"></xsd:element> - <xsd:element ref="OAAttributes" maxOccurs="unbounded" minOccurs="0"></xsd:element> + <xsd:element name="StorkLogonEnabled" type="xsd:boolean"/> + <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1"/> + <xsd:element ref="OAAttributes" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> - </xsd:complexType> + </xsd:complexType> </xsd:element> <xsd:element name="Contact"> <xsd:complexType> @@ -997,17 +999,13 @@ <xsd:element name="OnlyMandateLoginAllowed" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> </xsd:sequence> </xsd:complexType> - - <xsd:element name="Attributes" type="StorkAttribute"></xsd:element> - - <xsd:element name="Qaa" type="QualityAuthenticationAssuranceLevelType"></xsd:element> - - <xsd:complexType name="OAStorkAttribute"> - <xsd:sequence> - <xsd:element name="mandatory" type="xsd:boolean"></xsd:element> - <xsd:element name="name" type="xsd:string"></xsd:element> - </xsd:sequence> - </xsd:complexType> - - <xsd:element name="OAAttributes" type="OAStorkAttribute"></xsd:element> + <xsd:element name="Attributes" type="StorkAttribute"/> + <xsd:element name="Qaa" type="QualityAuthenticationAssuranceLevelType"/> + <xsd:complexType name="OAStorkAttribute"> + <xsd:sequence> + <xsd:element name="mandatory" type="xsd:boolean"/> + <xsd:element name="name" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="OAAttributes" type="OAStorkAttribute"/> </xsd:schema> |