Diffstat (limited to 'id')
6 files changed, 211 insertions, 1 deletions
| diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 9759f1ac5..8d26a1893 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -79,7 +79,7 @@
 				</cfg:CrlRetentionIntervals>
 			</cfg:RevocationChecking>
 		</cfg:CertificateValidation>
-				<cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
 			<cfg:Id>MOAIDTransformAuthBlockTable_DE_2.0</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location>
 		</cfg:VerifyTransformsInfoProfile>
diff --git a/id/server/doc/handbook/interfederation/interfederation.html b/id/server/doc/handbook/interfederation/interfederation.html
index bd97061ab..f0aaf8776 100644
--- a/id/server/doc/handbook/interfederation/interfederation.html
+++ b/id/server/doc/handbook/interfederation/interfederation.html
@@ -153,6 +153,18 @@
     <td>Wenn eingehende SSO Intefederation erlaubt ist besteht zusätzlich die Möglichkeit diesen einmal verwendeten IDP an die Benutzersession zu binden. In diesem Fall können weitere SSO Authentifizierungen über diesen interfederation IDP auch ohne Angabe des IDP Identifiers (siehe <a href="#sequenzediagramm">Sequenzdiagramm</a> oder <a href="#usage">Integration in bestehende Systeme</a>) durchgeführt werden.</td>
   </tr>
   <tr>
+    <td>Verwende SAML2 <em>isPassive </em>Attribut</td>
+    <td> </td>
+    <td align="center"> </td>
+    <td>Dieser Parameter kann das <em>isPassive</em> Attribut des SAML2 Authentifizierungsrequests an diesen IDP konfiguriert werden. Wird dieses Attribut gesetzt erfolgt an diesem IDP keine Authentifzierung wenn keine aktive SSO Session vorhanden ist.</td>
+  </tr>
+  <tr>
+    <td>Im Fehlerfall Authentifizierung lokal durchführen</td>
+    <td> </td>
+    <td align="center"> </td>
+    <td>Dieser Parameter definert das Verhalten für den Fall dass an diesem IDP keine Authentifizierung möglich war. Bei ausgewähltem Parameter wird im Fehlerfall die Authentifizerung an der lokalen IDP Instanz wiederholt.</td>
+  </tr>
+  <tr>
     <td><span id="wwlbl_loadIDP_moaIDP_queryURL">AttributQuery Service URL</span></td>
     <td>https://demo.egiz.gv.at/moa-id-auth/pvp2/attributequery</td>
     <td align="center">X</td>
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index e7658875c..c2dcddd03 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -700,6 +700,10 @@ Redirect Binding</td>
     <td>4400</td>
     <td>Fehler beim Generieren der Anmeldedaten</td>
   </tr>
+  <tr>
+    <td>4401</td>
+    <td>Die Anmeldung am federierten IDP ist fehlgeschlagen.</td>
+  </tr>
 </table>
 <h3><a name="statuscodes_6xxxx" id="allgemeines_zugangspunkte9"></a>1.3.3 Statuscodes 6xxxx</h3>
 <p>Alles Statuscodes beginnend mit der Zahl sechs beschreiben protokollspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.</p>
@@ -811,6 +815,10 @@ Redirect Binding</td>
     <td>9007</td>
     <td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td>
   </tr>
+  <tr>
+    <td>9008</td>
+    <td>Fehlerhafte Interfederation Konfiguration</td>
+  </tr>
 </table>
 <h4><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h4>
 <table width="1237" border="1">
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 833f869e5..872ca3916 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -257,6 +257,10 @@
 				<groupId>org.slf4j</groupId>
  				<artifactId>log4j-over-slf4j</artifactId>
  			</exclusion>
 +			<exclusion>
 +				<artifactId>bcprov-jdk15on</artifactId>
 +				<groupId>org.bouncycastle</groupId>
 +			</exclusion>
  		</exclusions>
  	</dependency>  		
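Review bot: The new `bcprov-jdk15on` exclusion carries no comment explaining why the BouncyCastle provider is dropped from this dependency or which artifact is expected to supply it instead; the enclosing `<dependency>` element starts outside the hunk, so the artifact being trimmed is not visible here. Excluding a crypto provider transitively leaves the version that ends up on the classpath to whatever other dependency still pulls it in, an implicit choice that tends to surprise a later review of the dependency tree, and if nothing else provides it the failure only shows up at runtime. I would add `<!-- bcprov excluded: the BouncyCastle provider version is pinned by [PLACEHOLDER: direct dependency] so that only one provider version is on the classpath -->` next to the exclusion, or declare the intended provider as an explicit direct dependency if it is not one already.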
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java new file mode 100644 index 000000000..91514ca62 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRole.java 
@@ -0,0 +1,110 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * @author tlenz + * + */ +public class AuthenticationRole { + +	private String roleName = null; +	private List<Entry<String, String>> params = null; +	 +	public AuthenticationRole(String roleName) { +		this.roleName = roleName; +	} +	 +	public void addParameter(String key, String value) { +		if (params == null) +			params = new ArrayList<Entry<String,String>>();				 +		params.add(new Entry<String, String>(key, value)); +		 +	} +	 +	/** +	 * @return the roleName +	 */ +	public String getRoleName() { +		return roleName; +	} +	 +	/** +	 * @return the params +	 */ +	public List<Entry<String, String>> getParams() { +		return params; +	} +	 +	/** +	 * @return the params +	 */ +	public Iterator<Entry<String, String>> getParamsInterator() { +		return params.iterator(); +	} +	 +	static class Entry<K,V> implements Map.Entry<K,V> { + +		private K key; +		private V value; + +		Entry(K k, V v) { +			key = k; +			value = v; +		} +		 +		/* (non-Javadoc) +		 * @see java.util.Map.Entry#getKey() +		 */ +		@Override +		public K getKey() { +			return key; +		} + +		/* (non-Javadoc) +		 * @see java.util.Map.Entry#getValue() +		 */ +		@Override +		public V getValue() { +			return value; +		} + +		/* (non-Javadoc) +		 * @see java.util.Map.Entry#setValue(java.lang.Object) +		 */ +		@Override +		public V setValue(V newValue) { +            V oldValue = value; +            value = newValue; +            return oldValue; +		} +		 +		 +	} +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java new file mode 100644 index 000000000..7d4dc6eff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationRoleFactory.java 
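Review bot: `getParamsInterator()` throws a NullPointerException for a role that never received a parameter, because `params` stays `null` until the first `addParameter` call and the iterator is taken without a check; `getParams()` hands that `null` to callers for the same reason. Initialising the field eagerly, `private List<Entry<String, String>> params = new ArrayList<Entry<String,String>>();`, and dropping the lazy `if (params == null)` branch in `addParameter` removes both cases without changing the interface. The nested `Entry` implements `Map.Entry` but overrides neither `equals` nor `hashCode`, which that interface's contract requires, so either implement them or document that the type is only meant for iteration. The method name `getParamsInterator` becomes public API with this commit; renaming it to `getParamsIterator` now is cheaper than after callers exist, and a class-level Javadoc saying what a role and its parameters represent would help, since the `@author` tag is currently the only documentation.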
@@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthenticationRoleFactory { + +	public static AuthenticationRole buildFormPVPole(String pvprole) {	 +		AuthenticationRole role = null; +		 +		int first = pvprole.indexOf("("); +		 +		if (first < 0) { +			//no role paramters found +			role = new AuthenticationRole(pvprole.trim()); +			Logger.debug("Add authentication role with name=" + pvprole.trim()); +			 +		} else { +			role = new AuthenticationRole(pvprole.substring(0, first).trim());	 +			Logger.debug("Add authentication role with name=" + pvprole.substring(0, first).trim()); +			String params = pvprole.substring(first + 1, pvprole.length() - 1); +			 +			List<String> param = Arrays.asList(params.split(",")); +			String test = new String(); +			for (String el : param) { +				test = test.concat(el); +				if (!test.endsWith("\\") ||  +						(test.endsWith("\\\\") && !test.endsWith("\\\\\\")) ) { +					String[] keyValue = test.split("="); +					if (keyValue.length < 2) { +						role.addParameter(keyValue[0].trim(), ""); +						Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()); +						 +					} else { +						role.addParameter(keyValue[0].trim(), keyValue[1].trim()); +						Logger.debug("Add authentication roleparameter with key=" + keyValue[0].trim()  +								+ " value=" + keyValue[1].trim()); +						 +					} +					 +					test = new String(); +				}									 +			}			 +		} +				 +		return role;		 +	} +} | 
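Review bot: `buildFormPVPole` throws on malformed role strings instead of rejecting them: `pvprole.substring(first + 1, pvprole.length() - 1)` assumes a closing `)` and fails with StringIndexOutOfBoundsException for an input such as `role(`, and `test.split("=")` returns an empty array for a segment that is just `=`, so `keyValue[0]` then fails with ArrayIndexOutOfBoundsException. The role string presumably arrives from a PVP attribute issued by a federated IDP rather than from local configuration, so the parser should tolerate these shapes; the rewrite below checks for the closing parenthesis, uses `split("=", 2)` so a value containing `=` is no longer silently truncated to its first segment, and skips segments whose key is empty. Two smaller points: the escape handling appends the segment to `test` after `split(",")` has already consumed the separator, so an escaped comma is reassembled without the comma (`a\,b` becomes `a\b`) — confirm whether that is intended — and parameter values are written verbatim to the debug log, which deserves a second look if role parameters can ever carry anything sensitive. `new String()` should be `""`, and the method name reads like a typo of `buildFromPVPRole`.
```java
		} else {
			String name = pvprole.substring(0, first).trim();
			role = new AuthenticationRole(name);
			Logger.debug("Add authentication role with name=" + name);
			int last = pvprole.lastIndexOf(")");
			if (last <= first) {
				// malformed: parameter list was opened but never closed; keep the role, skip its parameters
				Logger.debug("Role parameter list for name=" + name + " is not terminated by ')'");
				return role;
			}
			String params = pvprole.substring(first + 1, last);
			// … unchanged: split on ',' and re-join segments ending in an escaped separator …
					String[] keyValue = test.split("=", 2);
					String key = keyValue[0].trim();
					if (key.isEmpty()) {
						Logger.debug("Skip authentication roleparameter without key");
					} else if (keyValue.length < 2) {
						role.addParameter(key, "");
						Logger.debug("Add authentication roleparameter with key=" + key);
					} else {
						role.addParameter(key, keyValue[1].trim());
						Logger.debug("Add authentication roleparameter with key=" + key
								+ " value=" + keyValue[1].trim());
					}
					test = "";
```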
