From 52a855d948a6c3090b5d696774896deac95b621f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 26 Aug 2015 14:03:58 +0200 Subject: Allow multiple alias domains - Every alias domain is a own EntityID which is the configured PublicURLPrefix --- .../moa/id/demoOA/servlet/pvp2/Authenticate.java | 62 +++++++++++++++------- 1 file changed, 43 insertions(+), 19 deletions(-) (limited to 'id/oa') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 4bce49465..0b8251386 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.AuthnRequest; @@ -124,7 +125,7 @@ public class Authenticate extends HttpServlet { serviceURL = serviceURL + "/"; //name.setValue(serviceURL); issuer.setValue(serviceURL); - + // subject.setNameID(name); // authReq.setSubject(subject); issuer.setFormat(NameIDType.ENTITY); @@ -155,13 +156,21 @@ public class Authenticate extends HttpServlet { for (SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { +// //Get the service address for the binding you wish to use +// if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { +// redirectEndpoint = sss; +// } + //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { redirectEndpoint = sss; } + } authReq.setDestination(redirectEndpoint.getLocation()); + //authReq.setDestination("http://test.test.test"); + RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class); @@ -191,32 +200,47 @@ public class Authenticate extends HttpServlet { authReq.setSignature(signer); //generate Http-POST Binding message - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, - "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); - engine.init(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "templates/pvp_postbinding_template.html"); +// VelocityEngine engine = new VelocityEngine(); +// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +// engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); +// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); +// engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); +// engine.setProperty("classpath.resource.loader.class", +// "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +// engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); +// engine.init(); +// +// HTTPPostEncoder encoder = new HTTPPostEncoder(engine, +// "templates/pvp_postbinding_template.html"); +// HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( +// response, true); +// BasicSAMLMessageContext context = new BasicSAMLMessageContext(); +// SingleSignOnService service = new SingleSignOnServiceBuilder() +// .buildObject(); +// service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); +// service.setLocation(redirectEndpoint.getLocation());; +// +// context.setOutboundSAMLMessageSigningCredential(authcredential); +// context.setPeerEntityEndpoint(service); +// context.setOutboundSAMLMessage(authReq); +// context.setOutboundMessageTransport(responseAdapter); + + //generate Redirect Binding message + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( response, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); SingleSignOnService service = new SingleSignOnServiceBuilder() .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); - service.setLocation(redirectEndpoint.getLocation());; - + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(redirectEndpoint.getLocation()); context.setOutboundSAMLMessageSigningCredential(authcredential); context.setPeerEntityEndpoint(service); context.setOutboundSAMLMessage(authReq); context.setOutboundMessageTransport(responseAdapter); - + //context.setRelayState(relayState); + encoder.encode(context); } catch (Exception e) { -- cgit v1.2.3