From dd45e938564249a5e6897bd92dd29808d8990868 Mon Sep 17 00:00:00 2001 From: rudolf Date: Fri, 24 Oct 2003 08:34:56 +0000 Subject: MOA-ID version 1.1 (initial) git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../doc/moa_id/examples/BKUSelectionTemplate.html | 4 + id.server/doc/moa_id/examples/ChainingModes.txt | 6 + .../doc/moa_id/examples/IdentityLinkSigners.txt | 3 + .../doc/moa_id/examples/LoginServletExample.txt | 171 +++++++++++++++++++++ id.server/doc/moa_id/examples/Template.html | 23 +++ .../moa_id/examples/TransformsInfoAuthBlock.txt | 63 ++++++++ .../moa_id/examples/conf/MOA-ID-Configuration.xml | 54 +++++++ .../doc/moa_id/examples/conf/OAConfBasicAuth.xml | 12 ++ .../doc/moa_id/examples/conf/OAConfHeaderAuth.xml | 17 ++ .../doc/moa_id/examples/conf/OAConfParamAuth.xml | 14 ++ id.server/doc/moa_id/examples/moa-id-env-linux.txt | 1 + .../doc/moa_id/examples/moa-id-env-windows.txt | 1 + 12 files changed, 369 insertions(+) create mode 100644 id.server/doc/moa_id/examples/BKUSelectionTemplate.html create mode 100644 id.server/doc/moa_id/examples/ChainingModes.txt create mode 100644 id.server/doc/moa_id/examples/IdentityLinkSigners.txt create mode 100644 id.server/doc/moa_id/examples/LoginServletExample.txt create mode 100644 id.server/doc/moa_id/examples/Template.html create mode 100644 id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt create mode 100644 id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml create mode 100644 id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml create mode 100644 id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml create mode 100644 id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml create mode 100644 id.server/doc/moa_id/examples/moa-id-env-linux.txt create mode 100644 id.server/doc/moa_id/examples/moa-id-env-windows.txt (limited to 'id.server/doc/moa_id/examples') diff --git a/id.server/doc/moa_id/examples/BKUSelectionTemplate.html b/id.server/doc/moa_id/examples/BKUSelectionTemplate.html new file mode 100644 index 000000000..11c9352d2 --- /dev/null +++ b/id.server/doc/moa_id/examples/BKUSelectionTemplate.html @@ -0,0 +1,4 @@ +
+ + + diff --git a/id.server/doc/moa_id/examples/ChainingModes.txt b/id.server/doc/moa_id/examples/ChainingModes.txt new file mode 100644 index 000000000..820b60d06 --- /dev/null +++ b/id.server/doc/moa_id/examples/ChainingModes.txt @@ -0,0 +1,6 @@ + + + CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT + 536 + + diff --git a/id.server/doc/moa_id/examples/IdentityLinkSigners.txt b/id.server/doc/moa_id/examples/IdentityLinkSigners.txt new file mode 100644 index 000000000..faed15030 --- /dev/null +++ b/id.server/doc/moa_id/examples/IdentityLinkSigners.txt @@ -0,0 +1,3 @@ + + CN=zmr,OU=BMI-IV-2,O=BMI,C=AT + diff --git a/id.server/doc/moa_id/examples/LoginServletExample.txt b/id.server/doc/moa_id/examples/LoginServletExample.txt new file mode 100644 index 000000000..e085e4126 --- /dev/null +++ b/id.server/doc/moa_id/examples/LoginServletExample.txt @@ -0,0 +1,171 @@ +import java.io.IOException; +import java.util.Vector; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.apache.xml.serialize.LineSeparator; +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.jaxen.JaxenException; +import org.jaxen.SimpleNamespaceContext; +import org.jaxen.dom.DOMXPath; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * Beispiel für ein Login-Servlet, das von MOA-ID-AUTH über einen Redirect aufgerufen wird. + * Es werden demonstriert: + * - Parameterübergabe von MOA-ID-AUTH + * - Aufruf des MOA-ID-AUTH Web Service zum Abholen der Anmeldedaten über das Apache Axis Framework + * - Parsen der Anmeldedaten mittels der XPath Engine "Jaxen" + * - Speichern der Anmeldedaten in der HTTPSession + * - Redirect auf die eigentliche Startseite der OA + * + * @author Paul Ivancsics + */ +public class LoginServletExample extends HttpServlet { + + // Web Service QName und Endpoint + private static final QName SERVICE_QNAME = new QName("GetAuthenticationData"); + private static final String ENDPOINT = + "http://localhost:8080/moa-id-auth/services/GetAuthenticationData"; + // NamespaceContext für Jaxen + private static SimpleNamespaceContext NS_CONTEXT; + static { + NS_CONTEXT = new SimpleNamespaceContext(); + NS_CONTEXT.addNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion"); + NS_CONTEXT.addNamespace("samlp", "urn:oasis:names:tc:SAML:1.0:protocol"); + NS_CONTEXT.addNamespace("pr", "http://reference.e-government.gv.at/namespace/persondata/20020228#"); + } + + /** + * Servlet wird von MOA-ID-AUTH nach erfolgter Authentisierung über ein Redirect aufgerufen. + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + // Parameter "Target" und "SAMLArtifact" aus dem Redirect von MOA-ID-AUTH lesen + String target = req.getParameter("Target"); + String samlArtifact = req.getParameter("SAMLArtifact"); + + try { + // DOMBuilder instanzieren + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder = factory.newDocumentBuilder(); + + // zusammenstellen und in einen DOM-Baum umwandeln + String samlRequest = + "" + + samlArtifact + + ""; + Document root_request = builder.parse(samlRequest); + + // Neues SOAPBodyElement anlegen und mit dem DOM-Baum füllen + SOAPBodyElement body = new SOAPBodyElement(root_request.getDocumentElement()); + SOAPBodyElement[] params = new SOAPBodyElement[] { body }; + + // AXIS-Service für Aufruf von MOA-ID-AUTH instanzieren + Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME); + + // Axis-Call erzeugen und mit Endpoint verknüpfen + Call call = service.createCall(); + call.setTargetEndpointAddress(ENDPOINT); + + // Call aufrufen und die Antwort speichern + System.out.println("Calling MOA-ID-AUTH ..."); + Vector responses = (Vector) call.invoke(params); + + // erstes BodyElement auslesen + SOAPBodyElement response = (SOAPBodyElement) responses.get(0); + + // als DOM-Baum holen + Document responseDocument = response.getAsDocument(); + Element samlResponse = responseDocument.getDocumentElement(); + + // auf System.out ausgeben + System.out.println("Response received:"); + OutputFormat format = new OutputFormat((Document) responseDocument); + format.setLineSeparator(LineSeparator.Windows); + format.setIndenting(true); + format.setLineWidth(0); + XMLSerializer serializer = new XMLSerializer(System.out, format); + serializer.asDOMSerializer(); + serializer.serialize(responseDocument); + + // auslesen + Attr statusCodeAttr = (Attr)getNode(samlResponse, "/samlp:Response/samlp:Status/samlp:StatusCode/@Value"); + String samlStatusCode = statusCodeAttr.getValue(); + System.out.println("StatusCode: " + samlStatusCode); + + // auslesen + if ("samlp:Success".equals(samlStatusCode)) { + Element samlAssertion = (Element)getNode(samlResponse, "/samlp:Response/saml:Assertion"); + + // FamilyName aus der parsen + Node familyNameNode = getNode(samlAssertion, "//saml:AttributeStatement/saml:Attribute[@AttributeName=\"PersonData\"]/saml:AttributeValue/pr:Person/pr:Name/pr:FamilyName"); + String familyName = getText(familyNameNode); + System.out.println("Family name: " + familyName); + + // weitere Anmeldedaten aus der parsen + // ... + + // Anmeldedaten und Target in der HTTPSession speichern + HttpSession session = req.getSession(); + session.setAttribute("UserFamilyName", familyName); + session.setAttribute("Geschaeftsbereich", target); + + // weitere Anmeldedaten in der HTTPSession speichern + // ... + + // Redirect auf die eigentliche Startseite + resp.sendRedirect("/index.jsp"); + } + } + catch (Exception ex) { + ex.printStackTrace(); + } + } + /** Returns the first node matching an XPath expression. */ + private static Node getNode(Node contextNode, String xpathExpression) throws JaxenException { + DOMXPath xpath = new DOMXPath(xpathExpression); + xpath.setNamespaceContext(NS_CONTEXT); + return (Node) xpath.selectSingleNode(contextNode); + } + /** Returns the text that a node contains. */ + public static String getText(Node node) { + if (!node.hasChildNodes()) { + return ""; + } + + StringBuffer result = new StringBuffer(); + NodeList list = node.getChildNodes(); + for (int i = 0; i < list.getLength(); i++) { + Node subnode = list.item(i); + if (subnode.getNodeType() == Node.TEXT_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) { + // Recurse into the subtree for text + // (and ignore comments) + result.append(getText(subnode)); + } + } + return result.toString(); + } +} diff --git a/id.server/doc/moa_id/examples/Template.html b/id.server/doc/moa_id/examples/Template.html new file mode 100644 index 000000000..97e54c6af --- /dev/null +++ b/id.server/doc/moa_id/examples/Template.html @@ -0,0 +1,23 @@ +
+ + + +
+
+ + + Hier finden Sie weitere Informationen zur Überprüfung der Zertifikate.
+ +
\ No newline at end of file diff --git a/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt b/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt new file mode 100644 index 000000000..396d0faea --- /dev/null +++ b/id.server/doc/moa_id/examples/TransformsInfoAuthBlock.txt @@ -0,0 +1,63 @@ + + + + + + + + +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +
+ + + + + + + + + + + + + + + + + + + + + +
+ Name: + + +
+ Zeit: + + .., :: +
+ Applikation: + + +
+ Geschäftsbereich: + + +
+ Anmeldeserver: + + +
+ + +
+
+
+ +
+ + text/html + +
diff --git a/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml b/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml new file mode 100644 index 000000000..6ce00228c --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml @@ -0,0 +1,54 @@ + + + + + + + + + + + + + file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/certs/server-certs + file:/c:/ + + + TrustProfile1 + + + TrustProfile1 + TransformsInfoProfile1MOAID + + + + CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT + + + + + + http://www.altova.com + http://www.altova.com + + + + + + + + file:/home/moa/id/jakarta-tomcat-4.1.18/conf/moa-id/oa/server-certs/tomcat + URL:toClientKeystoreOA + + + + + + CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT + 536 + + + + + + diff --git a/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml new file mode 100644 index 000000000..0e4508036 --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/OAConfBasicAuth.xml @@ -0,0 +1,12 @@ + + + stateful + + MOAFamilyName + MOADateOfBirth + + + + \ No newline at end of file diff --git a/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml new file mode 100644 index 000000000..c1a1964bf --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml @@ -0,0 +1,17 @@ + + + stateful + + + + + + + + + \ No newline at end of file diff --git a/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml b/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml new file mode 100644 index 000000000..18e0a109c --- /dev/null +++ b/id.server/doc/moa_id/examples/conf/OAConfParamAuth.xml @@ -0,0 +1,14 @@ + + + stateful + + + + + + + + + \ No newline at end of file diff --git a/id.server/doc/moa_id/examples/moa-id-env-linux.txt b/id.server/doc/moa_id/examples/moa-id-env-linux.txt new file mode 100644 index 000000000..995d0b4d4 --- /dev/null +++ b/id.server/doc/moa_id/examples/moa-id-env-linux.txt @@ -0,0 +1 @@ +export CATALINA_OPTS="-Dmoa.id.configuration=/home/moa/jakarta-tomcat-4.1.18/conf/moa-id/MOAIDConfiguration.xml -Dlog4j.configuration=file:/home/moa/jakarta-tomcat-4.1.18/conf/moa-id/log4j.properties" diff --git a/id.server/doc/moa_id/examples/moa-id-env-windows.txt b/id.server/doc/moa_id/examples/moa-id-env-windows.txt new file mode 100644 index 000000000..109c196cf --- /dev/null +++ b/id.server/doc/moa_id/examples/moa-id-env-windows.txt @@ -0,0 +1 @@ +set CATALINA_OPTS=-Dmoa.id.configuration=c:\jakarta-tomcat-4.1.18\conf\moa-id\MOAIDConfiguration.xml -Dlog4j.configuration=file:c:\jakarta-tomcat-4.1.18\conf\moa-id\log4j.properties -- cgit v1.2.3