From 44184c19d53146dcd84e2ddd704ff78aa539d511 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 23 Feb 2017 08:13:11 +0100 Subject: update eIDAS SP metadata, because SP needs persistent identifiers only --- .../modules/eidas/utils/MOAeIDASMetadataGenerator.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java index 9d397074b..7b159c73d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java @@ -208,7 +208,12 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator { if (!StringUtils.isEmpty(params.getAssertionConsumerUrl())) { addAssertionConsumerService(); } - fillNameIDFormat(spSSODescriptor); + + //FIX: Austrian eIDAS node SP only needs persistent identifiers + NameIDFormat persistentFormat = + (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME); + persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat()); + spSSODescriptor.getNameIDFormats().add(persistentFormat); /**FIXME: * Double signing of SPSSODescribtor is not required @@ -221,8 +226,8 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator { entityDescriptor.getRoleDescriptors().add(spSSODescriptor); } - - private void fillNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException { + + private void fillIDPNameIDFormat(SSODescriptor ssoDescriptor) throws EIDASSAMLEngineException { NameIDFormat persistentFormat = (NameIDFormat) BuilderFactoryUtil.buildXmlObject(NameIDFormat.DEFAULT_ELEMENT_NAME); persistentFormat.setFormat(SamlNameIdFormat.PERSISTENT.getNameIdFormat()); @@ -269,7 +274,9 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator { .add(getKeyDescriptor(keyInfoGeneratorFactory, params.getEncryptionCredential(), UsageType.ENCRYPTION)); } idpSSODescriptor.addSupportedProtocol(params.getIdpSamlProtocol()); - fillNameIDFormat(idpSSODescriptor); + + //Austrian eIDAS node IDP can provided persistent, transient, and unspecified identifiers + fillIDPNameIDFormat(idpSSODescriptor); if (params.getIdpEngine() != null) { @@ -298,7 +305,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator { } - /*TODO: Only a work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata + /* FIX: Work-around to add eIDAS attributes, which could be provided from MOA-ID, to IDP metadata * If we restrict the eIDAS Engine attribute definitions then also additional incoming attributes can not processed any more. */ public ImmutableSortedSet> getAllSupportedAttributes() { -- cgit v1.2.3