From cca17e1aadc7048c58967b7e8146cd3a50463871 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jun 2014 14:49:43 +0200 Subject: activate backchannel SLO service --- .../moa/id/configuration/auth/pvp2/servlets/Authenticate.java | 11 ----------- .../id/configuration/auth/pvp2/servlets/BuildMetadata.java | 8 ++++---- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index 56f6d8827..390b8c476 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.configuration.auth.pvp2.servlets; import java.io.IOException; -import java.security.KeyStore; import java.util.Map; import javax.servlet.ServletException; @@ -36,15 +35,10 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import org.apache.velocity.app.VelocityEngine; -import org.apache.velocity.runtime.RuntimeConstants; import org.joda.time.DateTime; import org.opensaml.Configuration; -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; 
@@ -56,17 +50,12 @@ import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; -import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.AbstractSignableXMLObject; -import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.w3c.dom.Document; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java index f121babc6..5265aed86 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java 
@@ -242,10 +242,10 @@ public class BuildMetadata extends HttpServlet { redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT); spSSODescriptor.getSingleLogoutServices().add(redirectBindingService); -// SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); -// soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); -// soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); -// spSSODescriptor.getSingleLogoutServices().add(soapBindingService); + SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK); + spSSODescriptor.getSingleLogoutServices().add(soapBindingService); spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); -- cgit v1.2.3 From 0bd2e2b85eba11aface6a00387ceb4073796c11f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jun 2014 14:56:28 +0200 Subject: change to correct MessageProvider --- .../moa/id/moduls/AuthenticationManager.java | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index a7eb51877..d8c3eebb5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; import java.io.PrintWriter; -import java.io.StringWriter; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collection; 
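Review bot: Advertising a SOAP SingleLogoutService at `serviceURL + Constants.SERVLET_SLO_BACK` makes the back-channel endpoint reachable by anyone who reads the metadata, and nothing in this commit shows how a LogoutRequest arriving there is authenticated. With the SOAP binding there is no HTTP-Redirect query signature to rely on, so the servlet behind SERVLET_SLO_BACK must verify the XML signature of the LogoutRequest against the IdP metadata and check Issuer and Destination before it terminates any session; I cannot see that handler here, so this is a point to confirm rather than a defect I can prove. I would add a comment on the re-enabled lines: `// back-channel SLO: SOAP carries no transport-level signature, the SLO_BACK servlet must validate the LogoutRequest XML signature, Issuer and Destination itself`. The enclosing method starts and ends outside the hunk.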
@@ -36,9 +35,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; @@ -54,19 +51,13 @@ import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.security.MetadataCredentialResolver; -import org.opensaml.security.MetadataCredentialResolverFactory; -import org.opensaml.security.MetadataCriteria; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.soap.common.SOAPException; import org.opensaml.xml.XMLObject; -import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.criteria.EntityIDCriteria; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; 
@@ -80,13 +71,11 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; @@ -98,11 +87,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MessageProvider; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; 
@@ -274,10 +262,10 @@ public class AuthenticationManager extends AuthServlet { if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) context.put("successMsg", - MessageProvider.getInstance().getMessage("slo.00", null)); + MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else context.put("errorMsg", - MessageProvider.getInstance().getMessage("slo.01", null)); + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); ssomanager.printSingleLogOutInfo(context, httpResp); } @@ -295,7 +283,7 @@ public class AuthenticationManager extends AuthServlet { //print SLO information directly VelocityContext context = new VelocityContext(); context.put("errorMsg", - MessageProvider.getInstance().getMessage("slo.01", null)); + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); ssomanager.printSingleLogOutInfo(context, httpResp); } -- cgit v1.2.3 From f5f4570270da08bf45c662c41df2642ddf015436 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jun 2014 15:01:33 +0200 Subject: add default message if no SSO session is found --- .../moa/id/auth/servlet/IDPSingleLogOutServlet.java | 19 ++++++++++++++++--- .../resources/properties/id_messages_de.properties | 1 + 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index ac4e56023..0e72f219d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java 
@@ -114,9 +114,22 @@ public class IDPSingleLogOutServlet extends AuthServlet { e.printStackTrace(); } } - } - } + } + + } else { + VelocityContext context = new VelocityContext(); + context.put("successMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); + try { + ssomanager.printSingleLogOutInfo(context, resp); + - } + } catch (MOAIDException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + } } diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 9aab22ef5..232411fd8 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -259,3 +259,4 @@ oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{ slo.00=Sie konnten erfolgreich von allen Online-Applikation abgemeldet werden. slo.01=Sie konnten NICHT erfolgreich von allen Online-Applikationen abgemeldet werden\!
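Review bot: The new else branch catches `MOAIDException` with an auto-generated `// TODO` and `e.printStackTrace()`, so a failure to render the "no SSO session" page goes to stderr and the user gets an empty response with no server-side log entry. The rest of the codebase in this series uses the project logger (`at.gv.egovernment.moa.logging.Logger` is imported in AuthenticationManager), so I would replace the two catch lines with `Logger.error("Single logout info page could not be rendered", e);` and drop the TODO, assuming that logger is available in this servlet as well. Also note the informational "no active session" text is put under `"successMsg"`; if the template styles that key as a success banner, `"errorMsg"` or a dedicated key may be more accurate, which I cannot confirm from the hunk. The enclosing method starts outside the hunk.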
Bitte schlie\u00DFen Sie aus sicherheitsgr\u00FCnden Ihren Browser. +slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet. \ No newline at end of file -- cgit v1.2.3 From acd8e3abc198dd5566cc8c2c099518f62154fc93 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jun 2014 15:14:45 +0200 Subject: fix problem with username and password --- .../gv/egovernment/moa/id/configuration/struts/action/IndexAction.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 980bb1e59..4762f1518 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -224,7 +224,7 @@ public class IndexAction extends BasicAction { //store user as authenticated user AuthenticationManager authManager = AuthenticationManager.getInstance(); - authManager.setActiveUser(authUser); + authManager.setActiveUser(authuser); Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); if (date != null) -- cgit v1.2.3
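Review bot: The fix hinges on two identifiers, `authUser` and `authuser`, being in scope at the same time and differing only in case, which is exactly how the wrong object ended up stored as the active user; since `setActiveUser` is the call that marks the session as authenticated, this is worth hardening beyond the one-character change. I would rename one of them (for example `authuser` to `verifiedUser`) so the compiler rejects the mix-up next time, and add `// store only the verified user object, not the request-side login form data` above the call, hedged because only one line of context is visible and what `authUser` referred to is not shown. The enclosing method starts and ends outside the hunk.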