diff options
Diffstat (limited to 'id')
5 files changed, 78 insertions, 40 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index e988cc292..150cd959e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -82,9 +82,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { */ @Override public List<String> parse(OnlineApplication dbOA, - AuthenticatedUser authUser, HttpServletRequest request) { - subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector()); - + AuthenticatedUser authUser, HttpServletRequest request) { String target_full = dbOA.getTarget(); if (MiscUtil.isNotEmpty(target_full)) { if (TargetValidator.isValidTarget(target_full)) { @@ -95,8 +93,10 @@ public class OATargetConfiguration implements IOnlineApplicationData { if (TargetValidator.isValidTarget(target_split[0])) { target = target_split[0]; - if (target_split.length > 1) + if (target_split.length > 1) { target_subsector = target_split[1]; + subTargetSet = true; + } } else { target = ""; @@ -367,4 +367,22 @@ public class OATargetConfiguration implements IOnlineApplicationData { public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { this.deaktivededBusinessService = deaktivededBusinessService; } + + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + + /** + * @param subTargetSet the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 261966a86..b8bd1dc02 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -46,8 +46,8 @@ </s:select> </s:else> - <s:checkbox name="subTargetSet" - value="%{subTargetSet}" + <s:checkbox name="targetConfig.subTargetSet" + value="%{targetConfig.subTargetSet}" labelposition="left" key="webpages.oaconfig.general.target.subsector.checkbox" cssClass="checkbox" diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 17d6898ee..ddcc6e1d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.ws.soap.common.SOAPException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; @@ -76,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; @@ -239,11 +241,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { attributs = reqQueryAttr; //IDP is a service provider IDP and request interfederated IDP to collect attributes - } else { - - //TODO: check if response include attributes and map this attributes to requested attributes - //TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst - + } else { //get PVP 2.1 attributes from protocol specific requested attributes attributs = req.getRequestedAttributes(); @@ -255,44 +253,52 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix()); throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null); } + + + //TODO: check if response include attributes and map this attributes to requested attributes + //TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst + Response intfResp = (Response) req.getInterfederationResponse().getResponse(); + AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor(intfResp); - //build attributQuery request - AttributeQuery query = - AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs); + if (!extractor.containsAllRequiredAttributes()) { + //build attributQuery request + AttributeQuery query = + AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs); - //build SOAP request - List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); + //build SOAP request + List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); - if (xmlObjects.size() == 0) { - Logger.error("Receive emptry AttributeQuery response-body."); - throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null); + if (xmlObjects.size() == 0) { + Logger.error("Receive emptry AttributeQuery response-body."); + throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null); - } + } - if (xmlObjects.get(0) instanceof Response) { - Response intfResp = (Response) xmlObjects.get(0); + if (xmlObjects.get(0) instanceof Response) { + intfResp = (Response) xmlObjects.get(0); - //validate PVP 2.1 response - try { - SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + //validate PVP 2.1 response + try { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - SAMLVerificationEngine.validateAssertion(intfResp, false); + SAMLVerificationEngine.validateAssertion(intfResp, false); - } catch (Exception e) { - Logger.warn("PVP 2.1 assertion validation FAILED.", e); - throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e); - } - - //parse response information to authData - buildAuthDataFormInterfederationResponse(authdata, session, intfResp); - - } else { - Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); - throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null); + } catch (Exception e) { + Logger.warn("PVP 2.1 assertion validation FAILED.", e); + throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e); + } + + } else { + Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); + throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null); + } } - + //parse response information to authData + buildAuthDataFormInterfederationResponse(authdata, session, intfResp); + } catch (SOAPException e) { throw new BuildException("builder.06", null, e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 0d34fcb87..1e38bd4ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -269,7 +269,7 @@ public class DispatcherServlet extends AuthServlet{ info = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); moduleAction = info.getAction(protocolRequest.requestedAction()); - //create interfederated mOASession + //create interfederated MOASession String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); req.getParameterMap().put(PARAM_SESSIONID, sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index ee0088576..9aadfdc28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils; import java.util.List; import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnStatement; import org.opensaml.saml2.core.Response; @@ -54,6 +55,19 @@ public class AssertionAttributeExtractor { throw new AssertionAttributeExtractorExeption(); } + public boolean containsAllRequiredAttributes() { + //TODO: add default attribute list + return containsAllRequiredAttributes(null); + + } + + public boolean containsAllRequiredAttributes(List<Attribute> attributs) { + //TODO: add validation + return false; + + } + + public String getNameID() throws AssertionAttributeExtractorExeption { if (assertion.getSubject() != null) { Subject subject = assertion.getSubject(); |