diff options
Diffstat (limited to 'id/server')
10 files changed, 203 insertions, 87 deletions
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index a411663b2..4d4529730 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -14,7 +14,7 @@ </tr>
</table>
<hr/>
- <p class="title">MOA-ID 2.1.0-RC3</p>
+ <p class="title">MOA-ID 2.1.0</p>
<hr/>
<h1>Inhalt</h1>
<ol>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index 14acd54f2..9759f1ac5 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -65,6 +65,18 @@ </cfg:DatabaseArchive> </cfg:Archive> </cfg:Archiving> + <cfg:CrlRetentionIntervals> + <!-- Retention Intervall (5 Jahre) fuer a-sign-corporate-light-03, damit Personenbindung trotz abgelaufenem Personenbindungszertifikat pruefbar bleibt --> + <cfg:CA> + <cfg:X509IssuerName>CN=a-sign-corporate-light-03,OU=a-sign-corporate-light-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</cfg:X509IssuerName> + <cfg:Interval>1825</cfg:Interval> + </cfg:CA> + <!-- Retention Intervall (5 Jahre) fuer a-sign-corporate-light-02, damit Personenbindung trotz abgelaufenem Personenbindungszertifikat pruefbar bleibt --> + <cfg:CA> + <cfg:X509IssuerName>CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</cfg:X509IssuerName> + <cfg:Interval>1825</cfg:Interval> + </cfg:CA> + </cfg:CrlRetentionIntervals> </cfg:RevocationChecking> </cfg:CertificateValidation> <cfg:VerifyTransformsInfoProfile> diff --git a/id/server/doc/handbook/protocol/idp_metadata.xml b/id/server/doc/handbook/protocol/idp_metadata.xml index 2d2990917..e8915332e 100644 --- a/id/server/doc/handbook/protocol/idp_metadata.xml +++ b/id/server/doc/handbook/protocol/idp_metadata.xml @@ -1,18 +1,18 @@ -<md:EntitiesDescriptor ID="_8e844196b97a91dc47f59577edc2d2b7" Name="MOA-ID 2.0 Demo IDP (Version: 2.0-RC3)" validUntil="2014-03-26T11:34:06.707Z"> +<md:EntitiesDescriptor ID="_c0303e3081ac29bb8329cade76279069" Name="MOA-ID 2.0 Demo IDP (Version: 2.1.0)" validUntil="2014-07-04T11:23:29.736Z"> <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> - <ds:Reference URI="#_8e844196b97a91dc47f59577edc2d2b7"> + <ds:Reference URI="#_c0303e3081ac29bb8329cade76279069"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> - <ds:DigestValue>YPy6KJGNTbmKTzmLbQ3wsDhGgz8ktuUjud19b9xoHe0=</ds:DigestValue> + <ds:DigestValue>IjxuoZphYVmZdZ5HfoVDr35r2b1V840+SMeC89IO/SQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> - <ds:SignatureValue>Zg4iaALZ/pNrthme8PaH5iiWZQ+ay30oC14RJab99im9atRDd6tb5RGmmuKY0KXpxetHUnBp5yA8I2Oh+tUuaq4Vbhewq1k9TytZmo83KMJbWBwtPWhbgET/i40CcngDiKPZLSt793WJ/LJpFtj/YidJaq2Z4k5Mj4RUr/SBMdH2HN+fZio/K9uyGy7hOLWKIU9zrSj1sOeMvqwyT6vD8h2s2qWV4TZai2PMxUSMgqqmJS3be2yoI68+5JHX3lgdQ9xRfhasxk//hK/rx39UiljIKxRRUpq1V2TGimK6YYNKrimzzVznCoB25h1+NMF8vQvwSRj085MAQkeQ14gedw==</ds:SignatureValue> + <ds:SignatureValue>JILQKKPvsK7onsMweJauAcGEniFGJ5bXEOvfYhxAYCB+dXL6pH87USD1v9UqycllBDqQE/Rp2tPtqo11CjdcKs0KkceQCZjzmDlVPqMZrgh0FerTSysF0fcPKoKeAtqqk+WSu7Xk9lU+PCxGArGA+vBLTRRbAOuZpE7ORrS7AF2m5uaO1YOKfO0GN+LoxTiygI2aeqKsKMlPkboh4ZuEjv1ht9xUHeQtAf/MHtaXZDvaRQPXALf0oCRnDWpiiqvKdARJq5NXrrbrdow/M1FpoddtE0Mu65AsorIdXoPSXJnLhw/zDfHv82PQo0pW7ujc0yJY+5VzfURMZOyKmrfCmg==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIEFTCCAv2gAwIBAgIJAI/HXXgQpJtFMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNVBAYTAkFUMRMw @@ -37,7 +37,7 @@ cfmNJhb06H+6mmHz929Bk4HuHoQj8X8=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> - <md:EntityDescriptor entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0" validUntil="2014-04-18T10:34:06.707Z"> + <md:EntityDescriptor entityID="https://demo.egiz.gv.at/demoportal_moaid-2.0" validUntil="2014-07-27T11:23:29.736Z"> <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:KeyDescriptor use="signing"> <ds:KeyInfo> @@ -64,55 +64,114 @@ cfmNJhb06H+6mmHz929Bk4HuHoQj8X8=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/redirect"/> <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post"/> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/redirect"/> - <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="pseudonym" Name="http://www.stork.gov.eu/1.0/pseudonym" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.82" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-FAMILY-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.80" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-PROF-REP-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.86" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-AUTH-BLOCK" Name="urn:oid:1.2.40.0.10.2.1.1.261.62" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-SIGNER-CERTIFICATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.66" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-PROF-REP-DESCRIPTION" Name="urn:oid:1.2.40.0.10.2.1.1.261.88" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="title" Name="http://www.stork.gov.eu/1.0/title" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="inheritedFamilyName" Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATE-REFERENCE-VALUE" Name="urn:oid:1.2.40.0.10.2.1.1.261.90" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="maritalStatus" Name="http://www.stork.gov.eu/1.0/maritalStatus" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="fiscalNumber" Name="http://www.stork.gov.eu/1.0/fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="age" Name="http://www.stork.gov.eu/1.0/age" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="canonicalResidenceAddress" Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="nationalityCode" Name="http://www.stork.gov.eu/1.0/nationalityCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="textResidenceAddress" Name="http://www.stork.gov.eu/1.0/textResidenceAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="countryCodeOfBirth" Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-GIVEN-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.78" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATE-FULL-MANDATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.92" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="adoptedFamilyName" Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="residencePermit" Name="http://www.stork.gov.eu/1.0/residencePermit" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="EID-CITIZEN-QAA-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.94" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="isAgeOver" Name="http://www.stork.gov.eu/1.0/isAgeOver" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-STORK-TOKEN" Name="urn:oid:1.2.40.0.10.2.1.1.261.96" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.70" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATE-FULL-MANDATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.92" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="nationalityCode" Name="http://www.stork.gov.eu/1.0/nationalityCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-BPK" Name="urn:oid:1.2.40.0.10.2.1.1.261.98" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="title" Name="http://www.stork.gov.eu/1.0/title" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATE-REFERENCE-VALUE" Name="urn:oid:1.2.40.0.10.2.1.1.261.90" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="adoptedFamilyName" Name="http://www.stork.gov.eu/1.0/adoptedFamilyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-STORK-TOKEN" Name="urn:oid:1.2.40.0.10.2.1.1.261.96" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-PROF-REP-DESCRIPTION" Name="urn:oid:1.2.40.0.10.2.1.1.261.88" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.36" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.102" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-GIVEN-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.78" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="EID-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.104" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="maritalStatus" Name="http://www.stork.gov.eu/1.0/maritalStatus" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-SIGNER-CERTIFICATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.66" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="inheritedFamilyName" Name="http://www.stork.gov.eu/1.0/inheritedFamilyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-CCS-URL" Name="urn:oid:1.2.40.0.10.2.1.1.261.64" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.261.82" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="EID-AUTH-BLOCK" Name="urn:oid:1.2.40.0.10.2.1.1.261.62" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-NATURAL-PERSON-FAMILY-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.80" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="countryCodeOfBirth" Name="http://www.stork.gov.eu/1.0/countryCodeOfBirth" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="age" Name="http://www.stork.gov.eu/1.0/age" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> <saml2:Attribute FriendlyName="gender" Name="http://www.stork.gov.eu/1.0/gender" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-PROF-REP-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.86" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> - <saml2:Attribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="textResidenceAddress" Name="http://www.stork.gov.eu/1.0/textResidenceAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="canonicalResidenceAddress" Name="http://www.stork.gov.eu/1.0/canonicalResidenceAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="isAgeOver" Name="http://www.stork.gov.eu/1.0/isAgeOver" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> + <saml2:Attribute FriendlyName="pseudonym" Name="http://www.stork.gov.eu/1.0/pseudonym" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/> </md:IDPSSODescriptor> + <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIEFTCCAv2gAwIBAgIJAI/HXXgQpJtFMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNVBAYTAkFUMRMw +EQYDVQQIEwpTb21lLVN0YXRlMQ0wCwYDVQQHEwRHcmF6MQ0wCwYDVQQKEwRFR0laMSIwIAYDVQQD +ExlNT0EtSUQgSURQIChUZXN0LVZlcnNpb24pMB4XDTE0MDEyMTA4NDAxOFoXDTE1MDEyMTA4NDAx +OFowZDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBEdyYXoxDTAL +BgNVBAoTBEVHSVoxIjAgBgNVBAMTGU1PQS1JRCBJRFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFETzd0nLV2P4pUGnlLKj3V+MZ4bUyYkNK5NnkzB0PO8hm +tsrdg+HSNsnPiU5KvD26tFpxq9lfibZcAp9JHFqjA/capOHcTDhYkTvJcSdaKJzttTPy4wivTbRu +y+ocK9jjz6g8BFvP9wQ5/k2AwFaqj0SeJt0jJTn4CZ8XMNozA2hwkQA2heuMtOl24Ie9PRC3/Af7 +utV2CNfV2MysGHIxazsZDIgFF+5/nybyR1yiIxKb0BYDh3gbNdyH5uLVBHOP4hvzQN5Z1xc/cdzq +lzKn/4v6HJraNn00xLzK6nrG6gB6HvDok2l8T1Cc7f8I+sNlO2aM8rY4hGSGCfhiL6IFAgMBAAGj +gckwgcYwHQYDVR0OBBYEFKG3LzuPtAGCXUPTw3fo9dtsS9wWMIGWBgNVHSMEgY4wgYuAFKG3LzuP +tAGCXUPTw3fo9dtsS9wWoWikZjBkMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1TdGF0ZTEN +MAsGA1UEBxMER3JhejENMAsGA1UEChMERUdJWjEiMCAGA1UEAxMZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKYIJAI/HXXgQpJtFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAME3wzEi +UAcF2pCDtMMJzX4IDhSkWNuvWtSMMy8Vgtcc2t570teIKh+qNKQWZyX3QFVE6ovDABg3ZUhn780l +G4/t6aMOUEeGg4udl7l0QRBRbdd+9oc0Aw5dQqku02AQ6wQd695PLj+F0GeA7cdef90aLPu6Rwa5 +z5BiKpReJZoul3NpjQXz7A1IslZOlIhEDcFUlBSn/+QfLOeNDKurvPT0OzUGSGfrv0AoniNHc/fz +lfyRmgFbzAVHedU5cIxcE0yHtEKFjFSVwtGng9rTJpoOoY4pvGvAHlw6GEgO+HwFukPDtnvY8vi/ +cfmNJhb06H+6mmHz929Bk4HuHoQj8X8=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIEFTCCAv2gAwIBAgIJAI/HXXgQpJtFMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNVBAYTAkFUMRMw +EQYDVQQIEwpTb21lLVN0YXRlMQ0wCwYDVQQHEwRHcmF6MQ0wCwYDVQQKEwRFR0laMSIwIAYDVQQD +ExlNT0EtSUQgSURQIChUZXN0LVZlcnNpb24pMB4XDTE0MDEyMTA4NDAxOFoXDTE1MDEyMTA4NDAx +OFowZDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBEdyYXoxDTAL +BgNVBAoTBEVHSVoxIjAgBgNVBAMTGU1PQS1JRCBJRFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFETzd0nLV2P4pUGnlLKj3V+MZ4bUyYkNK5NnkzB0PO8hm +tsrdg+HSNsnPiU5KvD26tFpxq9lfibZcAp9JHFqjA/capOHcTDhYkTvJcSdaKJzttTPy4wivTbRu +y+ocK9jjz6g8BFvP9wQ5/k2AwFaqj0SeJt0jJTn4CZ8XMNozA2hwkQA2heuMtOl24Ie9PRC3/Af7 +utV2CNfV2MysGHIxazsZDIgFF+5/nybyR1yiIxKb0BYDh3gbNdyH5uLVBHOP4hvzQN5Z1xc/cdzq +lzKn/4v6HJraNn00xLzK6nrG6gB6HvDok2l8T1Cc7f8I+sNlO2aM8rY4hGSGCfhiL6IFAgMBAAGj +gckwgcYwHQYDVR0OBBYEFKG3LzuPtAGCXUPTw3fo9dtsS9wWMIGWBgNVHSMEgY4wgYuAFKG3LzuP +tAGCXUPTw3fo9dtsS9wWoWikZjBkMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1TdGF0ZTEN +MAsGA1UEBxMER3JhejENMAsGA1UEChMERUdJWjEiMCAGA1UEAxMZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKYIJAI/HXXgQpJtFMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAME3wzEi +UAcF2pCDtMMJzX4IDhSkWNuvWtSMMy8Vgtcc2t570teIKh+qNKQWZyX3QFVE6ovDABg3ZUhn780l +G4/t6aMOUEeGg4udl7l0QRBRbdd+9oc0Aw5dQqku02AQ6wQd695PLj+F0GeA7cdef90aLPu6Rwa5 +z5BiKpReJZoul3NpjQXz7A1IslZOlIhEDcFUlBSn/+QfLOeNDKurvPT0OzUGSGfrv0AoniNHc/fz +lfyRmgFbzAVHedU5cIxcE0yHtEKFjFSVwtGng9rTJpoOoY4pvGvAHlw6GEgO+HwFukPDtnvY8vi/ +cfmNJhb06H+6mmHz929Bk4HuHoQj8X8=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/sp/redirect"/> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/sp/post" index="0" isDefault="true"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/sp/redirect" index="1"/> + </md:SPSSODescriptor> <md:Organization> <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName> <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName> diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index b98561d7e..e7658875c 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -32,7 +32,11 @@ </ol> </li> <li><a href="#allgemeines_sso">Single Sign-On</a></li> - <li><a href="#allgemeines_ssologout">SSO Logout </a></li> + <li><a href="#allgemeines_ssologout">SSO Logout</a> + <ol> + <li><a href="#allgemeines_ssologout_slo">Single LogOut</a></li> + </ol> + </li> <li><a href="#allgemeines_legacy">Legacy Request (Bürgerkartenauswahl beim Service Provider)</a></li> </ol> </li> @@ -110,6 +114,11 @@ Redirect Binding</td> <td>https://<host>:<port>/moa-id-auth/pvp2/attributequery</td> </tr> <tr> + <td><a href="#./../interfederation/interfederation.html#config_idps">PVP 2.1</a></td> + <td>Single LogOut</td> + <td>https://<host>:<port>/moa-id-auth/pvp2/redirect</td> + </tr> + <tr> <td><a href="#openid">OpenID Connect</a></td> <td>Authentifizierungsrequest <br> (AuthCode-Request)</td> @@ -132,11 +141,17 @@ Redirect Binding</td> <p>http://<host>:<port>/moa-id-auth/services/GetAuthenticationData</p></td> </tr> <tr> - <td><a href="#allgemeines_ssologout">SSO Logout</a></td> + <td><a href="#allgemeines_ssologout">SSO LogOut</a></td> <td>LogOut</td> <td><p>https://<host>:<port>/moa-id-auth/LogOut</p> <p>http://<host>:<port>/moa-id-auth/LogOut</p></td> </tr> + <tr> + <td>IDP Single LogOut</td> + <td>Single LogOut</td> + <td><p>https://<host>:<port>/moa-id-auth/idpSingleLogout</p> + <p>http://<host>:<port>/moa-id-auth/idpSingleLogout</p></td> + </tr> </table> <h2><a name="allgemeines_attribute" id="allgemeines_zugangspunkte2"></a>1.2 Übersicht der möglichen Attribute</h2> <p>Die nachfolgende Tabelle beinhaltet eine Liste aller Attribute die vom Modul MOA-ID-Auth an die Online-Applikation zurückgeliefert werden können, sofern diese nach der Authentifizierung zur Verfügung stehen. Alle Namen beziehen sich auf den Attributnamen im jeweiligen Protokoll. Detailinformationen zu den einzelnen Attributen finden Sie in der <a href="#referenzierte_spezifikation">PVP 2.1 Spezifikation</a> der der <a href="#referenzierte_spezifikation">STORK Spezifikation</a>.</p> @@ -882,6 +897,17 @@ https://<host>:<port>/moa-id-auth/LogOut <pre>https://demo.egiz.gv.at/moa-id-auth/LogOut?redirect=https://demo.egiz.gv.at/demoportal-openID_demo </pre> <p><strong>Hinweis:</strong> Dieses Service bietet jedoch NICHT eine vollständige Single Log-Out Funktionalität wie sie im SAML 2 Protokoll vorgesehen ist, sondern beendet ausschließlich die SSO Session in der MOA-ID-Auth Instanz.</p> +<h3><a name="allgemeines_ssologout_slo" id="allgemeines_zugangspunkte25"></a>1.5.1 Single LogOut</h3> +<p>Ab der Version 2.1 unterstützt das Modul MOA-ID-Auth Single LogOut (SLO) laut SAML2 Spezifikation. Die SLO Funktionaltität steht jedoch nur für Online-Applikationen zur Verfügung welche als Authentifizierungsprotokoll PVP 2.1 verwenden. Für alle anderen Authentifizierungsprotokolle steht aktuell kein SLO zur Verfügung. </p> +<p>Für Single LogOut stehen sowohl IDP initialisiertes SLO als auch Service Provider initialisiertes SLO zur Verfügung. Als Einsprungpunkt für IDP initialisiertes SLO stellt das Modul MOA-ID-Auth folgende Web Adressen zur Verfügung. Nach dem Aufruf dieses Services wird der Single LogOut Vorgang gestartet. Nach erfolgreicher Bearbeitung aller SLO Requests / Response erfolgt die Statusausgabe in den Browser.</p> +<pre>https://<host>:<port>/moa-id-auth/idpSingleLogout</pre> +<p>bzw.</p> +<pre>http://<host>:<port>/moa-id-auth/idpSingleLogout</pre> +<p> </p> +<p>Die Endpunkte für Service Provider initialisietes SLO finden Sie in den <a href="#pvp21_metadata">PVP 2.1 Metadaten</a>.</p> +<p> </p> +<p><strong>Hinweis:</strong> Wenn Single Sign-On mit Authentifizierungsprotokollen, welche kein SLO untersützen verwendet wurde, schlägt der Single LogOut Vorgang auf jeden Fall fehl, da der Benutzer an den jeweiligen Online-Applikationen nicht angemeldet werden kann. Die SSO Session am Identityprovider wird jedoch auf jeden Fall beendet</p> +<p> </p> <h2><a name="allgemeines_legacy" id="allgemeines_zugangspunkte4"></a>1.6 Legacy Request (Bürgerkartenauswahl beim Service Provider)</h2> <p>Soll die Bürgerkartenauswahl jedoch weiterhin, wie aus MOA-ID 1.5.1 bekannt direkt in der Online-Applikation des Service Providers erfolgen muss für das jeweilige Protokoll der <a href="./../config/config.html#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus aktiviert</a> werden. Wird der Legacy Modus verwendet muss jedoch zusätzlich zu den protokollspezifischen Parametern mindestens der Parameter <em>bkuURI</em>, welcher die gewählte Bürgerkartenumgebung enthält, im Authentifizierungsrequest an MOA-ID-Auth übergeben werden (siehe <a href="#saml1_startauth">Protokoll SAML 1</a>). Die folgenden Parameter stehen bei Verwendung des Legacy Modus unabhängig vom verwendeten Protokoll zur Verfügung und bilden den gesamten Umfang der Bürgerkartenauswahl, wie aus MOA-ID 1.5.1 bekannt, ab.</p> <table border="1" width="1247"> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c0e1dd3ca..9af2f5ee5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -478,11 +478,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); + + if (verifyXMLSigResp != null) { + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + + } else { + Logger.warn("No signature verfication response found!"); + + } + authData.setBkuURL(session.getBkuURL()); authData.setStorkAttributes(session.getStorkAttributes()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 2d49eb809..5a2fda67f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -301,17 +301,14 @@ public class PEPSConnectorServlet extends AuthServlet { // retrieve target
//TODO: check in case of SSO!!!
String targetType = null;
- String targetValue = null;
if(oaParam.getBusinessService()) {
String id = oaParam.getIdentityLinkDomainIdentifier();
if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetValue = id.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
+ targetType = id;
else
- targetValue = moaSession.getDomainIdentifier();
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_;
+ targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
} else {
- targetType = AuthenticationSession.TARGET_PREFIX_;
- targetValue = oaParam.getTarget();
+ targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
Logger.debug("Starting connecting SZR Gateway");
@@ -320,7 +317,7 @@ public class PEPSConnectorServlet extends AuthServlet { try {
identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
oaParam.getFriendlyName(),
- targetType, targetValue,
+ targetType, null,
oaParam.getMandateProfiles());
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 762d9af2c..547a86bd9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -288,15 +288,16 @@ public class CreateXMLSignatureResponseValidator { } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { String samlSpecialText = (String)samlAttribute.getValue(); + samlSpecialText = samlSpecialText.replaceAll("'", "'"); - String text = ""; - try { + String text = ""; + try { OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); - } + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + } String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); @@ -516,22 +517,23 @@ public class CreateXMLSignatureResponseValidator { } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { String samlSpecialText = (String)samlAttribute.getValue(); + samlSpecialText = samlSpecialText.replaceAll("'", "'"); - String text = ""; - try { - if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText())) + String text = ""; + try { + if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText())) Logger.info("Use addional AuthBlock Text from SSO=" +text); else text = new String(); - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); - } + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); + } - String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); - if (!samlSpecialText.equals(specialText)) { - throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); - } + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } } else { throw new ValidateException("validator.35", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index e6e77911a..864be253a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -29,7 +29,6 @@ import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; import java.net.URI; -import java.net.URL; import java.nio.file.Path; import java.util.ArrayList; import java.util.Arrays; @@ -242,13 +241,19 @@ public class BuildFromLegacyConfig { for (int i=0; i<transformsInfos.length; i++) { TransformsInfoType transforminfotype = new TransformsInfoType(); - - String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir); - Path fileName_ = new File(new URI(fileURL)).toPath().getFileName(); - transforminfotype.setFilename(fileName_.toString()); - transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); - auth_transformInfos.add(transforminfotype); + if (transformsInfoFileNames[i] != null && + transformsInfos[i] != null) { + String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir); + Path fileName_ = new File(new URI(fileURL)).toPath().getFileName(); + transforminfotype.setFilename(fileName_.toString()); + + transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); + auth_transformInfos.add(transforminfotype); + + } else + Logger.warn("AuthBlock Transformation " + transformsInfoFileNames[i] + + "not found."); } } @@ -448,6 +453,7 @@ public class BuildFromLegacyConfig { oa_saml1.setProvideStammzahl(oa.getProvideStammzahl()); oa_saml1.setUseCondition(oa.getUseCondition()); oa_saml1.setIsActive(true); + oa_saml1.setProvideAllErrors(false); //OA_PVP2 OAPVP2 oa_pvp2 = new OAPVP2(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 399e7fa22..9c8c52e87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -166,21 +166,26 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { IRequest protocolRequest) throws Throwable{ - SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (!oa.getSAML1Parameter().isProvideAllErrors()) + return false; - String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + else { + SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); + String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); - String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - url = response.encodeRedirectURL(url); + String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = response.encodeRedirectURL(url); - response.setContentType("text/html"); - response.setStatus(302); - response.addHeader("Location", url); - Logger.debug("REDIRECT TO: " + url); + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", url); + Logger.debug("REDIRECT TO: " + url); - return true; + return true; + } } public IAction getAction(String action) { diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 5b3075c68..45adecb92 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -862,6 +862,7 @@ <xsd:element name="useCondition" type="xsd:boolean" minOccurs="0" maxOccurs="1"/> <xsd:element name="conditionLength" type="xsd:integer" minOccurs="0" maxOccurs="1"/> <xsd:element name="sourceID" type="xsd:string" minOccurs="0" maxOccurs="1"/> + <xsd:element name="provideAllErrors" type="xsd:boolean" default="true" minOccurs="0" maxOccurs="1"/> </xsd:sequence> </xsd:complexType> </xsd:element> |