From 996774dbf06b037d9f843e57a2cfac9bcc111a51 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 24 May 2019 08:14:55 +0200
Subject: update Demo-OA to illustrate SAML2 SubjectNameId

---
 .../egovernment/moa/id/demoOA/Configuration.java   | 16 +++++++-
 .../moa/id/demoOA/servlet/pvp2/Authenticate.java   | 44 +++++++++++++---------
 .../id/demoOA/servlet/pvp2/DemoApplication.java    | 23 ++++++++---
 .../moa/id/demoOA/utils/ApplicationBean.java       |  9 +++++
 id/oa/src/main/webapp/demoapp.jsp                  |  6 ++-
 id/oa/src/main/webapp/index.jsp                    |  2 +
 6 files changed, 76 insertions(+), 24 deletions(-)

(limited to 'id/oa')

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index 09069ac7f..8ada01cb6 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -182,6 +182,21 @@ public class Configuration {
 		return Boolean.parseBoolean(props.getProperty("general.login.pvp2.binding.resp.redirect", "false"));
 	}
 	
+
+	public boolean setAuthnContextClassRef() {
+		return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.authncontextclassref", "true"));
+	}
+	
+	public String getScopeRequesterId() {
+		return props.getProperty("general.login.pvp2.sp.requesterId");
+	}
+	
+	public boolean setNameIdPolicy() {
+			return Boolean.parseBoolean(props.getProperty("general.login.pvp2.req.set.nameIDPolicy", "true"));
+	}
+
+
+	
 	public void initializePVP2Login() throws ConfigurationException {
 		if (!pvp2logininitialzied)
 			initalPVP2Login();
@@ -276,6 +291,5 @@ public class Configuration {
 			throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
 		}	
 	}
-
 		
 }
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4c909ff80..0671b8c14 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -35,6 +35,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.commons.lang3.RandomUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
 import org.joda.time.DateTime;
@@ -52,6 +53,8 @@ import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDPolicy;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.RequesterID;
+import org.opensaml.saml2.core.Scoping;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -136,11 +139,12 @@ public class Authenticate extends HttpServlet {
 			issuer.setFormat(NameIDType.ENTITY);
 			authReq.setIssuer(issuer);
 			
-			NameIDPolicy policy = SAML2Utils
-					.createSAMLObject(NameIDPolicy.class);
-			policy.setAllowCreate(true);			
-			policy.setFormat(NameID.PERSISTENT);			
-			authReq.setNameIDPolicy(policy);
+			if (config.setNameIdPolicy()) {
+				NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
+				policy.setAllowCreate(true);			
+				policy.setFormat(NameID.PERSISTENT);			
+				authReq.setNameIDPolicy(policy);
+			}
 			
 			String entityname = config.getPVP2IDPMetadataEntityName();
 			if (MiscUtil.isEmpty(entityname)) {
@@ -183,20 +187,26 @@ public class Authenticate extends HttpServlet {
 			
 			//authReq.setDestination("http://test.test.test");
 			
+			if (config.setAuthnContextClassRef()) {
+				RequestedAuthnContext reqAuthContext = 
+						SAML2Utils.createSAMLObject(RequestedAuthnContext.class);			
+				AuthnContextClassRef authnClassRef = 
+						SAML2Utils.createSAMLObject(AuthnContextClassRef.class);			
+				authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+				reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);			
+				reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);			
+				authReq.setRequestedAuthnContext(reqAuthContext);
+			}
 			
-			RequestedAuthnContext reqAuthContext = 
-					SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-			
-			AuthnContextClassRef authnClassRef = 
-					SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-			
-			authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
-			reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-			
-			reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+			if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+				Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+				RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+				requesterId.setRequesterID(config.getScopeRequesterId());
+				scope.getRequesterIDs().add(requesterId );
+				authReq.setScoping(scope );
+				
+			}
 			
-			authReq.setRequestedAuthnContext(reqAuthContext);
 			
 			//sign authentication request
 			KeyStore keyStore = config.getPVP2KeyStore();
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index aeb4d8eac..e36a880ba 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -198,11 +198,7 @@ public class DemoApplication extends HttpServlet {
 				
 			}
 			
-			//set assertion
-			org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
-			String assertion = DOMUtils.serializeNode(doc);				
-			bean.setAssertion(assertion);
-			
+	
 			if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
 		
 				List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
@@ -245,12 +241,28 @@ public class DemoApplication extends HttpServlet {
 			
 				}
 				
+				samlResponse.getAssertions().clear();
+				samlResponse.getAssertions().addAll(saml2assertions);
+				
+				//set assertion
+				org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+				String assertion = DOMUtils.serializeNode(doc);				
+				bean.setAssertion(assertion);	
+				
+				String principleId = null;
 				String givenName = null;
 				String familyName = null;
 				String birthday = null;
 				
 				for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
 					
+					try {
+						principleId = saml2assertion.getSubject().getNameID().getValue();
+						
+					} catch (Exception e) {
+						log.warn("Can not read SubjectNameId", e);
+					}
+					
 					//loop through the nodes to get what we want
 					List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
 					for (int i = 0; i < attributeStatements.size(); i++)
@@ -277,6 +289,7 @@ public class DemoApplication extends HttpServlet {
 					
 				}
 									
+				bean.setPrincipleId(principleId);
 				bean.setDateOfBirth(birthday);
 				bean.setFamilyName(familyName);
 				bean.setGivenName(givenName);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
index 05c253b6e..59090cbcc 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java
@@ -32,6 +32,7 @@ public class ApplicationBean implements Serializable {
 	private String givenName;
 	private String dateOfBirth;
 	private String assertion;
+	private String principleId;
 	
 	private boolean isLogin = false; 
 	
@@ -122,6 +123,14 @@ public class ApplicationBean implements Serializable {
 	public void setSuccessMessage(String successMessage) {
 		this.successMessage = successMessage;
 	}
+	
+	public String getPrincipleId() {
+		return principleId;
+	}
+	public void setPrincipleId(String principleId) {
+		this.principleId = principleId;
+	}
+
 
 	
 	
diff --git a/id/oa/src/main/webapp/demoapp.jsp b/id/oa/src/main/webapp/demoapp.jsp
index c6b005deb..7d511a5ce 100644
--- a/id/oa/src/main/webapp/demoapp.jsp
+++ b/id/oa/src/main/webapp/demoapp.jsp
@@ -31,7 +31,11 @@
 							<div id="demonstrator_loginInformation">							
 								<table>
 									<tr>
-										<td align="right">Benutzerdaten:</td>
+										<td align="right">PrincipleId: </td>
+										<td><%= bean.getPrincipleId()%></td>
+									</tr>
+									<tr>
+										<td align="right">Benutzerdaten:</td>										
 										<td><%= bean.getGivenName()%>&nbsp;  
 											<%= bean.getFamilyName()%>&nbsp;  
 											<%= bean.getDateOfBirth()%></td>
diff --git a/id/oa/src/main/webapp/index.jsp b/id/oa/src/main/webapp/index.jsp
index 49f3e3e3a..628d3e7a3 100644
--- a/id/oa/src/main/webapp/index.jsp
+++ b/id/oa/src/main/webapp/index.jsp
@@ -21,6 +21,8 @@
 		
     <div id="demonstrator_leftcontent">
     	<input type="button" size="400" value="Login" onclick="PVP2LoginIframe('servlet/pvp2login');" id="submitbutton"/>
+    	 <br><br>
+      <a href="servlet/pvp2login">Login in fullFrame</a>
     </div>
 	</div>
 	
-- 
cgit v1.2.3