From 2e59ebb5e82cac6fa4defc0ca4d201e59891d84f Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 17 Jan 2014 16:57:02 +0100 Subject: adding stork2 support to urlrewrite --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index d33cae207..cc9cc8236 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -52,7 +52,19 @@ /dispatcher?mod=id_pvp2x&action=Soap - + + ^/stork2/StartAuthentication$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + + ^/stork2/SendPEPSAuthnRequest$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + + + + + The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) -- cgit v1.2.3 From 6e4f150c26b55cb2a0771e4d6c9b65cbc760c0f2 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 14 Feb 2014 16:11:09 +0100 Subject: logging --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 6 +++++- .../egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 7 +++++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index f8fdcaffc..b63d413d0 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -60,9 +60,13 @@ ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/moa-id-auth/SendPEPSAuthnRequest$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + - + ^/oauth2/auth\\?(.*)$ /dispatcher?mod=id_oauth20&action=AUTH&%{query-string} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 1971fe12d..1fa88e0a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -156,11 +156,14 @@ public class AuthenticationRequest implements IAction { context.put("SAMLResponse", IOUtils.toString(authnResponse.getTokenSaml())); Logger.info("Putting saml token in response: " + org.bouncycastle.util.encoders.Base64.decode(context.get("SAMLResponse").toString())); - Logger.info("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Putting assertion consumer url as action: " + ((STORKAuthnRequestDEL)req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); context.put("action", ((STORKAuthnRequestDEL) req).getStorkAuthnRequest().getAssertionConsumerServiceURL()); + Logger.debug("Starting template merge"); StringWriter writer = new StringWriter(); + Logger.debug("Doing template merge"); template.merge(context, writer); - + Logger.debug("Template merge done"); + Logger.debug("Sending html content: " + writer.toString().getBytes()); httpResp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { -- cgit v1.2.3 From 3f388c8862a4543d8c7f791e5ff47090d533aa0c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 20 Feb 2014 14:55:17 +0100 Subject: added attribute collector action to protocol and urlrewrite --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ .../java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java | 1 + 2 files changed, 5 insertions(+) (limited to 'id/server/auth/src') 
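Review bot: The added `Logger.debug("Sending html content: " + writer.toString().getBytes());` in AuthenticationRequest.java concatenates a byte array, so the log receives the array's identity string rather than the page; the unchanged `Logger.info("Putting saml token in response: " + …Base64.decode(…))` line above it has the same shape. Logging the real content would be worse, because the merged template carries the `SAMLResponse` value and the assertion would end up in the log file; a size is enough for tracing, e.g. `Logger.debug("Sending html content, length " + writer.toString().length());`. Both `getBytes()` calls use the platform default charset; an explicit one that matches the template's declared encoding (for example `getBytes("UTF-8")`) keeps the response bytes independent of the host configuration. The enclosing try block starts above the hunk.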
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index f8fdcaffc..563ee04dd 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -56,6 +56,10 @@ ^/stork2/StartAuthentication$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/stork2/ResumeAuthentication$ + /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 323d9ba8e..318a8fc9c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -43,6 +43,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); + actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); instance = new STORKProtocol(); } -- cgit v1.2.3 From 8dbc7af299d5e7a1dd4d1085d2840ff00f403bbb Mon Sep 17 00:00:00 2001 
From: Bojan Suzic Date: Mon, 3 Mar 2014 20:28:57 +0100 Subject: attribut test --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 + .../moa/id/entrypoints/DispatcherServlet.java | 2 +- .../id/protocols/stork2/AttributeCollector.java | 12 ++- .../moa/id/protocols/stork2/AttributeProvider.java | 1 + .../protocols/stork2/AttributeProviderFactory.java | 98 +++++++++++----------- .../id/protocols/stork2/MISAttributeProvider.java | 22 ++++- .../moa/id/protocols/stork2/MOASTORKRequest.java | 2 +- .../protocols/stork2/MandateRetrievalRequest.java | 28 +++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 8 +- 9 files changed, 120 insertions(+), 57 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 59d6d6cce..d6df363c5 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -68,6 +68,10 @@ ^/moa-id-auth/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/moa-id-auth/RetrieveMandate$ + /dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 3af8bcfe5..647c8bb39 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
@@ -491,7 +491,7 @@ public class DispatcherServlet extends AuthServlet{ } } catch (Throwable e) { - Logger.info("An authentication error occous: " + e.getMessage());; + Logger.info("An authentication error occured: " + e.getMessage());; // Try handle module specific, if not possible rethrow if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { throw e; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 57c68e94c..030d7c497 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java 
@@ -124,15 +124,18 @@ public class AttributeCollector implements IAction { try { // for each attribute still missing for (PersonalAttribute currentAttribute : missingAttributes) { + Logger.error("Checking missing attribute: " + currentAttribute.getName()); // - check if we can find a suitable AttributeProvider Plugin for (AttributeProvider currentProvider : AttributeProviderFactory.getConfiguredPlugins(oaParam.getStorkAPs())) { try { // - hand over control to the suitable plugin + Logger.error("Going to acquire missing attribute: " + currentAttribute.getName() + " at provider: " + currentProvider.getClass().getName()); IPersonalAttributeList aquiredAttributes = currentProvider.acquire(currentAttribute, moasession); // - add the aquired attribute to the container - for (PersonalAttribute current : aquiredAttributes) - container.getResponse().getPersonalAttributeList().add(current); + + try { for (PersonalAttribute current : aquiredAttributes) + container.getResponse().getPersonalAttributeList().add(current); } catch (NullPointerException ex) { Logger.error ("Nothing found");} } catch (UnsupportedAttributeException e) { // ok, try the next attributeprovider } catch (MOAIDException e) { @@ -154,6 +157,7 @@ public class AttributeCollector implements IAction { } catch (ExternalAttributeRequestRequiredException e) { // the attribute request is ongoing and requires an external service. + Logger.error("EXTERNAL EXCEPTION CAUGHT"); try { // memorize the container again // - generate new key 
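Review bot: In the first AttributeCollector hunk the new `try { for (PersonalAttribute current : aquiredAttributes) … } catch (NullPointerException ex) { Logger.error ("Nothing found");}` uses an exception as a null test, and it also swallows a NullPointerException thrown by `container.getResponse().getPersonalAttributeList()`, which would hide a broken container behind "Nothing found". An explicit guard states the intent and leaves other failures visible: wrap the loop in `if (aquiredAttributes != null) { … }`. The added trace statements in this hunk and `Logger.error("EXTERNAL EXCEPTION CAUGHT")` in the following hunk report normal control flow at error level, which buries real failures of the authentication flow in the log; `Logger.debug` fits these messages. The enclosing method begins and ends outside both hunks.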
@@ -163,19 +167,19 @@ public class AttributeCollector implements IAction { AssertionStorage.getInstance().put(newArtifactId, container); // add container-key to redirect embedded within the return URL + Logger.info("Performing redirect to gather attributes to: " + AuthConfigurationProvider.getInstance().getPublicURLPrefix()); e.getAp().performRedirect(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "?" + ARTIFACT_ID + "=" + newArtifactId, container.getRequest().getCitizenCountryCode(), request, response, oaParam); } catch (Exception e1) { // TODO should we return the response as is to the PEPS? Logger.error("Error putting incomplete Stork response into temporary storage", e); + e1.printStackTrace(); throw new MOAIDException("stork.11", null); } return "12345"; // TODO what to do here? } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index 59376fef6..2ecae1288 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -52,4 +52,5 @@ public interface AttributeProvider { */ public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index 23edf69f9..953758dc3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java 
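Review bot: The `catch (Exception e1)` block in this hunk now calls `e1.printStackTrace()`, while the unchanged `Logger.error("Error putting incomplete Stork response into temporary storage", e)` still passes the outer `e`, so the log file records the ExternalAttributeRequestRequiredException instead of the failure that actually occurred and the real stack trace goes only to stderr. Passing the inner exception to the logger covers both, `Logger.error("Error putting incomplete Stork response into temporary storage", e1);`, and the `printStackTrace()` line can then be dropped. The method continues outside the hunk.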
@@ -1,59 +1,61 @@ package at.gv.egovernment.moa.id.protocols.stork2; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; + import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; - /** * A factory for creating AttributeProvider objects. */ public class AttributeProviderFactory { - /** - * Gets the available plugins. - * - * @return the available plugins - */ - public static List getAvailablePlugins() { - List result = new ArrayList(); - result.add("StorkAttributeRequestProvider"); - result.add("EHvdAttributeProvider"); - - return result; - } - - /** - * Creates an AttributeProvider object for the given shortname. Returns - * {@code null} if there is no such provider available. - * - * @param shortname - * the simpleName for the providers class - * @return the attribute provider - */ - public static AttributeProvider create(String shortname, String url) { - if (shortname.equals("StorkAttributeRequestProvider")) { - return new StorkAttributeRequestProvider(url); - } else if(shortname.equals("EHvdAttributeProvider")) { - return new EHvdAttributeProviderPlugin(url); - } else { - return null; - } - } - - /** - * Gets fresh instances of the configured plugins. - * - * @param configuredAPs the configured a ps - * @return the configured plugins - */ - public static List getConfiguredPlugins( - List configuredAPs) { - - List result = new ArrayList(); - for(AttributeProviderPlugin current : configuredAPs) - result.add(create(current.getName(), current.getUrl())); - - return result; - } + /** + * Gets the available plugins. + * + * @return the available plugins + */ + public static List getAvailablePlugins() { + List result = new ArrayList(); + result.add("StorkAttributeRequestProvider"); + result.add("EHvdAttributeProvider"); + result.add("MISAttributeProvider"); + + return result; + } + + /** + * Creates an AttributeProvider object for the given shortname. 
Returns + * {@code null} if there is no such provider available. + * + * @param shortname the simpleName for the providers class + * @return the attribute provider + */ + public static AttributeProvider create(String shortname, String url) { + if (shortname.equals("StorkAttributeRequestProvider")) { + return new StorkAttributeRequestProvider(url); + } else if (shortname.equals("EHvdAttributeProvider")) { + return new EHvdAttributeProviderPlugin(url); + } else if (shortname.equals("MISAttributeProvider")) { + return new MISAttributeProvider(url); + } else { + return null; + } + } + + /** + * Gets fresh instances of the configured plugins. + * + * @param configuredAPs the configured a ps + * @return the configured plugins + */ + public static List getConfiguredPlugins( + List configuredAPs) { + + List result = new ArrayList(); + for (AttributeProviderPlugin current : configuredAPs) + result.add(create(current.getName(), current.getUrl())); + + return result; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java index 7665bb239..8cdbfd37c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MISAttributeProvider.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; 
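Review bot: `create` returns `null` for an unrecognised shortname and `getConfiguredPlugins` adds that result to the list unchecked, so a misspelt plugin name in the configuration yields a `null` entry that the AttributeCollector loop shown earlier in this commit dereferences with `currentProvider.acquire(...)`. Filtering in `getConfiguredPlugins`, `AttributeProvider provider = create(current.getName(), current.getUrl()); if (provider != null) result.add(provider);` with the unknown name logged, surfaces the configuration error instead of a NullPointerException in the middle of an authentication. The three provider names are repeated as string literals in `getAvailablePlugins` and `create`; shared constants would keep the two lists from drifting apart now that a third provider is added.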
@@ -13,15 +14,34 @@ import javax.servlet.http.HttpServletResponse; * Implements Attribute Provider for Mandates */ public class MISAttributeProvider implements AttributeProvider { + + String url = null; + + public MISAttributeProvider(String url) { + this.url = url; + } + public IPersonalAttributeList acquire(PersonalAttribute attributes, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.error("Entering MIS for attribute: " + attributes.getName()); + + if (attributes.getName().equals("residencePermit")) { + Logger.error("MIS EXCEPTION: " + attributes.getName()); + throw new ExternalAttributeRequestRequiredException(this); + } + return null; // } public void performRedirect(String url, String citizenCountyCode, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - // + Logger.error("Entering MIS redirect for attribute: " ); + } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { return null; // } + + public String getName() { + return "MandateProvider"; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 47a86174f..39a6907c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -52,7 +52,7 @@ public class MOASTORKRequest implements IRequest { return this.storkAttrQueryRequest; } - public String getOAURL() { + public String getOAURL() { // TODO CHECK IT if (isAuthnRequest) return storkAuthnRequest.getAssertionConsumerServiceURL(); else if (isAttrRequest) 
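Review bot: `acquire` in MISAttributeProvider returns `null` for every attribute other than `residencePermit`, and the caller in AttributeCollector iterates the result, which is why that file gained a NullPointerException catch in the same commit; throwing the declared `UnsupportedAttributeException` instead of `return null;` lets the collector move on to the next provider. `performRedirect` only writes a log line, yet `acquire` throws `ExternalAttributeRequestRequiredException(this)`, so as far as these hunks show the collector stores the container and returns without any redirect being sent to the browser. The `Logger.error` calls trace normal flow and belong at debug level. The `url` field is package-visible and mutable; `private final String url;` is enough, since it is only assigned in the constructor.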
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java new file mode 100644 index 000000000..bad711dbb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.stork2; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import com.sun.xml.ws.security.trust.WSTrustConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * Processes mandate data after authentication is done in AT + * @author bsuzic + */ +public class MandateRetrievalRequest implements IAction { + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + return null; // + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return STORKProtocol.MANDATERETRIEVALREQUEST; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e68b66510..3762a5101 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java 
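Review bot: The new MandateRetrievalRequest.java imports `com.sun.xml.ws.security.trust.WSTrustConstants` and never uses it; the import ties the class to an internal `com.sun` package of a web-services stack and fails to compile wherever that jar is absent, so it should be removed. `processRequest` returns `null` without doing anything, while the urlrewrite.xml change in the same commit already routes `/moa-id-auth/RetrieveMandate` to `action=MandateRetrievalRequest`; a comment such as `// TODO mandate retrieval not implemented yet` on the `return null;` line would make the stub explicit. None of the STORKProtocol hunks shown in this commit registers the action in the `actions` map, so the route may resolve to no handler for now.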
@@ -31,6 +31,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest"; public static final String ATTRIBUTE_COLLECTOR = "AttributeCollector"; + public static final String MANDATERETRIEVALREQUEST = "MandateRetrievalRequest"; private static HashMap actions = new HashMap(); @@ -102,16 +103,19 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { authnRequest = authnEngine.validateSTORKAuthnRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { + Logger.error("Could not extract authenticaiton request"); } - // check if a valid attr request is container + // check if a valid attr request is containerd try { attrRequest = attrEngine.validateSTORKAttrQueryRequest(decSamlToken); } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { + Logger.error("Could not extract attribute request"); } - // if there is no authn or attr request, raise error if ((authnRequest == null) && (attrRequest == null)) { Logger.error("There is no authentication or attribute request contained."); -- cgit v1.2.3 From 7d2a9006e925f5999da0cc947394476780ed6dfa Mon Sep 17 00:00:00 2001 
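Review bot: The two added `catch (ClassCastException e)` blocks in the second STORKProtocol hunk log a fixed string and discard the exception, so a token that makes the SAML engine fail with a cast error leaves no record of what was received; passing it on, `Logger.error("Could not extract attribute request", e);`, keeps the cause (the two-argument form is already used in AttributeCollector). A ClassCastException from `validateSTORKAuthnRequest` or `validateSTORKAttrQueryRequest` presumably means the token was of the other request type, in which case every valid request now produces one error-level log entry; if so, the expected branch is better logged at debug level. The first message is misspelt (`authenticaiton`), the edited comment now reads `containerd`, and the unchanged STORKSAMLEngineException message in the attribute branch still says "AuthenticationRequest". The surrounding method starts and ends outside the hunk.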
From: Thomas Lenz Date: Wed, 5 Mar 2014 19:42:07 +0100 Subject: update MOA-ID-Auth index.html --- .../main/webapp/BKAuswahl-MOA-Template-Howto.pdf | Bin 193669 -> 0 bytes id/server/auth/src/main/webapp/Blockdiagramm.png | Bin 0 -> 84989 bytes .../auth/src/main/webapp/META-INF/MANIFEST.MF | 2 - .../src/main/webapp/WEB-INF/server-config.wsdd | 29 - .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 81 --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 257 --------- id/server/auth/src/main/webapp/anmeldeablauf.png | Bin 0 -> 51580 bytes id/server/auth/src/main/webapp/common/LogoBKA.png | Bin 0 -> 8062 bytes id/server/auth/src/main/webapp/common/LogoEGIZ.png | Bin 0 -> 77395 bytes id/server/auth/src/main/webapp/common/MOA.css | 617 +++++++++++++++++++++ id/server/auth/src/main/webapp/css/index.css | 451 --------------- id/server/auth/src/main/webapp/errorpage-auth.jsp | 50 -- id/server/auth/src/main/webapp/iframeHandyBKU.html | 58 -- .../auth/src/main/webapp/iframeOnlineBKU.html | 67 --- .../auth/src/main/webapp/img/bk_aktivieren.jpg | Bin 30471 -> 0 bytes id/server/auth/src/main/webapp/img/handy.gif | Bin 4460 -> 0 bytes id/server/auth/src/main/webapp/img/karte.gif | Bin 3360 -> 0 bytes id/server/auth/src/main/webapp/img/logo.jpg | Bin 18260 -> 0 bytes id/server/auth/src/main/webapp/img/mobile-bku.png | Bin 4602 -> 0 bytes id/server/auth/src/main/webapp/img/online-bku.png | Bin 6011 -> 0 bytes id/server/auth/src/main/webapp/img/stork-logo.png | Bin 9160 -> 0 bytes .../auth/src/main/webapp/img/valid-html5-blue.png | Bin 3297 -> 0 bytes .../auth/src/main/webapp/img/w3cvalidhtml5.jpg | Bin 1938 -> 0 bytes id/server/auth/src/main/webapp/index.html | 116 +++- id/server/auth/src/main/webapp/info_bk.html | 100 ---- id/server/auth/src/main/webapp/info_mandates.html | 58 -- id/server/auth/src/main/webapp/info_stork.html | 42 -- id/server/auth/src/main/webapp/message-auth.jsp | 20 - .../auth/src/main/webapp/template_handyBKU.html | 38 -- 
.../auth/src/main/webapp/template_localBKU.html | 30 - .../auth/src/main/webapp/template_onlineBKU.html | 37 -- 31 files changed, 719 insertions(+), 1334 deletions(-) delete mode 100644 id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf create mode 100644 id/server/auth/src/main/webapp/Blockdiagramm.png delete mode 100644 id/server/auth/src/main/webapp/META-INF/MANIFEST.MF delete mode 100644 id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd delete mode 100644 id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml delete mode 100644 id/server/auth/src/main/webapp/WEB-INF/web.xml create mode 100644 id/server/auth/src/main/webapp/anmeldeablauf.png create mode 100644 id/server/auth/src/main/webapp/common/LogoBKA.png create mode 100644 id/server/auth/src/main/webapp/common/LogoEGIZ.png create mode 100644 id/server/auth/src/main/webapp/common/MOA.css delete mode 100644 id/server/auth/src/main/webapp/css/index.css delete mode 100644 id/server/auth/src/main/webapp/errorpage-auth.jsp delete mode 100644 id/server/auth/src/main/webapp/iframeHandyBKU.html delete mode 100644 id/server/auth/src/main/webapp/iframeOnlineBKU.html delete mode 100644 id/server/auth/src/main/webapp/img/bk_aktivieren.jpg delete mode 100644 id/server/auth/src/main/webapp/img/handy.gif delete mode 100644 id/server/auth/src/main/webapp/img/karte.gif delete mode 100644 id/server/auth/src/main/webapp/img/logo.jpg delete mode 100644 id/server/auth/src/main/webapp/img/mobile-bku.png delete mode 100644 id/server/auth/src/main/webapp/img/online-bku.png delete mode 100644 id/server/auth/src/main/webapp/img/stork-logo.png delete mode 100644 id/server/auth/src/main/webapp/img/valid-html5-blue.png delete mode 100644 id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg delete mode 100644 id/server/auth/src/main/webapp/info_bk.html delete mode 100644 id/server/auth/src/main/webapp/info_mandates.html delete mode 100644 id/server/auth/src/main/webapp/info_stork.html delete mode 100644 
id/server/auth/src/main/webapp/message-auth.jsp delete mode 100644 id/server/auth/src/main/webapp/template_handyBKU.html delete mode 100644 id/server/auth/src/main/webapp/template_localBKU.html delete mode 100644 id/server/auth/src/main/webapp/template_onlineBKU.html (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf deleted file mode 100644 index 857fcc1dd..000000000 Binary files a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf and /dev/null differ diff --git a/id/server/auth/src/main/webapp/Blockdiagramm.png b/id/server/auth/src/main/webapp/Blockdiagramm.png new file mode 100644 index 000000000..f5bdb9e3a Binary files /dev/null and b/id/server/auth/src/main/webapp/Blockdiagramm.png differ diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF deleted file mode 100644 index 58630c02e..000000000 --- a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF +++ /dev/null @@ -1,2 +0,0 @@ -Manifest-Version: 1.0 - diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd deleted file mode 100644 index 121ec3cf9..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - urn:oasis:names:tc:SAML:1.0:protocol - - - /resources/wsdl/MOA-ID-1.x.wsdl - - - - - - - - - - - - - - diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml deleted file mode 100644 index 2f17c7d98..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ /dev/null 
@@ -1,81 +0,0 @@ - - - - - - - - - The rule means that requests to /test/status/ will be redirected to - /rewrite-status - the url will be rewritten. - - /test/status/ - %{context-path}/rewrite-status - - - - - ^/StartAuthentication$ - /dispatcher?mod=id_saml1&action=GetArtifact - - - ^/StartAuthentication\?(.*)$ - /dispatcher?mod=id_saml1&action=GetArtifact&$1 - - - - ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ - /dispatcher?mod=$1&action=$2 - - - ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$ - /dispatcher?mod=$1&action=$2&$3 - - - - - ^/pvp2/metadata$ - /dispatcher?mod=id_pvp2x&action=Metadata&%{query-string} - - - ^/pvp2/redirect$ - /dispatcher?mod=id_pvp2x&action=Redirect&%{query-string} - - - ^/pvp2/post$ - /dispatcher?mod=id_pvp2x&action=Post&%{query-string} - - - ^/PVP2Soap$ - /dispatcher?mod=id_pvp2x&action=Soap - - - - ^/oauth2/auth\\?(.*)$ - /dispatcher?mod=id_oauth20&action=AUTH&%{query-string} - - - ^/oauth2/token\\?(.*)$ - /dispatcher?mod=id_oauth20&action=TOKEN&%{query-string} - - - - - - The outbound-rule specifies that when response.encodeURL is called (if - you are using JSTL c:url) - the url /rewrite-status will be rewritten to /test/status/. - - The above rule and this outbound-rule means that end users should never - see the - url /rewrite-status only /test/status/ both in thier location bar and in - hyperlinks - in your pages. - - /rewrite-status - /test/status/ - - - diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml deleted file mode 100644 index 0ef8a568c..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ /dev/null 
@@ -1,257 +0,0 @@ - - - - MOA ID Auth - MOA ID Authentication Service - - - GenerateIframeTemplate - GenerateIframeTemplate - Generate BKU Request template - at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet - - - RedirectServlet - RedirectServlet - at.gv.egovernment.moa.id.auth.servlet.RedirectServlet - - - MonitoringServlet - MonitoringServlet - at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet - - - SSOSendAssertionServlet - SSOSendAssertionServlet - at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet - - - LogOut - LogOut - SSO LogOut - at.gv.egovernment.moa.id.auth.servlet.LogOutServlet - 1 - - - VerifyIdentityLink - VerifyIdentityLink - Verify identity link coming from security layer - at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - - - VerifyCertificate - VerifyCertificate - Verify the certificate coming from security layer - at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - - - GetMISSessionID - GetMISSessionID - Get the MIS session ID coming from security layer - at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet - - - - GetForeignID - GetForeignID - Gets the foreign eID from security layer - at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - - - - VerifyAuthBlock - VerifyAuthBlock - Verify AUTH block coming from security layer - at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet - - - - AxisServlet - Apache-Axis Servlet - org.apache.axis.transport.http.AxisServlet - - - - - jspservlet - org.apache.jasper.servlet.JspServlet - - - PEPSConnectorServlet - PEPSConnectorServlet - Servlet receiving STORK SAML Response Messages from - different C-PEPS - - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet - - - - - DispatcherServlet - Dispatcher Servlet - at.gv.egovernment.moa.id.entrypoints.DispatcherServlet - 1 - - - - - at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet - at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet - - - - 
- - - DispatcherServlet - /dispatcher - - - - - - - - jspservlet - /errorpage-auth.jsp - - - - jspservlet - /message-auth.jsp - - - - - GenerateIframeTemplate - /GenerateIframeTemplate - - - RedirectServlet - /RedirectServlet - - - MonitoringServlet - /MonitoringServlet - - - SSOSendAssertionServlet - /SSOSendAssertionServlet - - - LogOut - /LogOut - - - VerifyIdentityLink - /VerifyIdentityLink - - - VerifyCertificate - /VerifyCertificate - - - GetMISSessionID - /GetMISSessionID - - - GetForeignID - /GetForeignID - - - - - - VerifyAuthBlock - /VerifyAuthBlock - - - - AxisServlet - /services/* - - - PEPSConnectorServlet - /PEPSConnector - - - - - - - UrlRewriteFilter - org.tuckey.web.filters.urlrewrite.UrlRewriteFilter - - - - UrlRewriteFilter - /* - - - - - 5 - - - 500 - /errorpage.jsp - - - - BASIC - UserDatabase - - - - The role that is required to log in to the moa Application - - moa-admin - - diff --git a/id/server/auth/src/main/webapp/anmeldeablauf.png b/id/server/auth/src/main/webapp/anmeldeablauf.png new file mode 100644 index 000000000..a6af21c5f Binary files /dev/null and b/id/server/auth/src/main/webapp/anmeldeablauf.png differ diff --git a/id/server/auth/src/main/webapp/common/LogoBKA.png b/id/server/auth/src/main/webapp/common/LogoBKA.png new file mode 100644 index 000000000..6a92647fd Binary files /dev/null and b/id/server/auth/src/main/webapp/common/LogoBKA.png differ diff --git a/id/server/auth/src/main/webapp/common/LogoEGIZ.png b/id/server/auth/src/main/webapp/common/LogoEGIZ.png new file mode 100644 index 000000000..39f05d131 Binary files /dev/null and b/id/server/auth/src/main/webapp/common/LogoEGIZ.png differ diff --git a/id/server/auth/src/main/webapp/common/MOA.css b/id/server/auth/src/main/webapp/common/MOA.css new file mode 100644 index 000000000..b7a2b9280 --- /dev/null +++ b/id/server/auth/src/main/webapp/common/MOA.css 
@@ -0,0 +1,617 @@
+body
+{
+ font-family: "Times New Roman", Times, serif;
+ font-size: medium;
+ font-weight: normal;
+ margin-left: 2.5em;
+ margin-right: 2.5em;
+ background-color: white;
+ text: #000000;
+ link: #990000;
+ vlink: #666666;
+ alink: #cc9966;
+}
+
+
+
+p
+{
+ margin-top: 0pt;
+ margin-bottom: 0.5em;
+ text-align: justify
+}
+
+pre
+{
+ font-family: "Courier New", monospace;
+ font-size: 90%;
+ background-color: #cccccc;
+ color: #000000;
+ margin-left:1.5%;
+ margin-right:1.5%;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ border: #008000 none;
+}
+
+hr
+{
+ color: #000080;
+ background-color: #000080;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+
+table.fixedWidth
+{
+ width: 97%;
+ margin-left:1.5%;
+ margin-right:1.5%;
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+
+
+table.varWidth
+{
+ margin-left:1.5%;
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+
+th
+{
+ text-align: left;
+}
+
+h1
+{
+ color: #000000;
+ text-align: left;
+ font-size: 167%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ background-color:#999;
+}
+
+h2
+{
+ color: #000000;
+ font-size: 150%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ background-color:#999;
+}
+
+h3
+{
+ color: #000000;
+ font-size: 133%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ background-color:#999;
+}
+
+h4
+{
+ color: #000000;
+ font-size: 116%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ background-color:#999;
+}
+
+h5
+{
+ color: #000000;
+ font-size: 100%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ background-color:#999;
+}
+
+h6
+{
+ color: #000000;
+ font-size: 83%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ background-color:#999;
+}
+
+code
+{
+ font-family: "Courier New", Courier, monospace;
+ font-size: 90%;
+ color: #000000
+}
+
+dd
+{
+ margin-top: 0.8em;
+ margin-bottom: 0.8em;
+ text-align: justify
+
+}
+
+dt
+{
+ margin-top: 0.8em;
+ font-family: Arial, Helvetica, sans-serif;
+ color: #000080
+}
+
+ol
+{
+ margin-top: 0.5em;
+ margin-bottom: 0.5em
+}
+
+ol.alpha
+{
+ list-style-type: lower-alpha
+}
+
+li
+{
+ margin-top: 0.25em;
+ margin-bottom: 0.25em;
+ text-align: justify
+}
+
+a:hover
+{
+ color: #990000
+}
+
+
+.title
+{
+ text-align: left;
+ font-size: 200%;
+ color: #000000;
+ font-family: Arial, Helvetica, sans-serif;
+ margin-top: 0.4em;
+ margin-bottom: 0.4em;
+ background-color:#999;
+}
+
+.subtitle
+{
+ text-align: left;
+ font-size: 133%;
+ color: #000000;
+ font-family: Arial, Helvetica, sans-serif;
+ margin-top: 0.4em;
+ margin-bottom: 0.4em
+}
+
+.glossaryTerm
+{
+ font-style: italic;
+ color: #006699
+}
+
+.example
+{
+ font-family: "Courier New", monospace;
+ background-color: #CCFFFF;
+ color: #000000;
+ margin: 0pt 0pt;
+ border: #008000 none
+}
+
+.schema
+{
+ font-family: "Courier New", monospace;
+ background-color: #FFFFCC;
+ color: #000000;
+ margin: 0pt 0pt;
+ border: #008000 none
+}
+
+.documentinfo
+{
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 100%;
+}
+
+.ol-contents
+{
+ font-size: 100%;
+ margin-top: 0.0em;
+ margin-bottom: 0.0em;
+}
+
+.li-contents
+{
+ font-size: 100%;
+ margin-top: 0.0em;
+ margin-bottom: 0.0em;
+}
+
+.logoTitle
+{
+ text-align: center;
+ font-size: 200%;
+ color: #000080;
+ font-family: Arial, Helvetica, sans-serif;
+}
+
+.logoTable
+{
+ margin-bottom: 0px;
+ margin-left: 0px
+}
+
+.superscript
+{
+ vertical-align: super;
+ font-size: 66%;
+}
+
+.term
+{
+ font-style: italic;
+}
+
+.comment
+{
+ color: #000000;
+ background: #ffff00;
+ font-style: italic
+}
+
+.addedErrata12
+{
+ color: #FF0000;
+ background-color: #FFEEEE;
+ text-decoration: underline
+}
+
+.deletedErrata12
+{
+ color: #999999;
+ background-color: #EEEEEE;
+ text-decoration: line-through
+}
+
+.added12
+{
+ color: #FF0000;
+ text-decoration: underline
+; background-color: #F8F0FF
+}
+
+.deleted12
+{
+ color: #999999;
+ text-decoration: line-through
+; background-color: #f8f0ff
+}
+
+.rfc2119Keyword
+{
+ font-variant: small-caps;
+ font-style: normal;
+}
+
+.remark { font-style: italic}
+
+li.faq
+{
+ margin-top: 1.5em;
+ margin-bottom: 1.5em;
+}
+
+.faq-question
+{
+ color: #000080;
+ font-size: 100%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ margin-bottom: 0.4em;
+}
+
+
+/*body
+{
+ font-family: "Times New Roman", Times, serif;
+ font-size: medium;
+ font-weight: normal;
+ margin-left: 2.5em;
+ margin-right: 2.5em;
+}
+
+p
+{
+ margin-top: 0pt;
+ margin-bottom: 0.5em;
+ text-align: justify
+}
+
+pre
+{
+ font-family: "Courier New", monospace;
+ font-size: 90%;
+ background-color: #cccccc;
+ color: #000000;
+ margin-left:1.5%;
+ margin-right:1.5%;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ border: #008000 none;
+}
+
+hr
+{
+ color: #000080;
+ background-color: #000080;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+
+table.fixedWidth
+{
+ width: 97%;
+ margin-left:1.5%;
+ margin-right:1.5%;
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+
+
+table.varWidth
+{
+ margin-left:1.5%;
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+
+th
+{
+ text-align: left;
+}
+
+h1
+{
+ color: #000080;
+ text-align: left;
+ font-size: 167%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal
+}
+
+h2
+{
+ color: #000080;
+ font-size: 150%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal
+}
+
+h3
+{
+ color: #000080;
+ font-size: 133%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal
+}
+
+h4
+{
+ color: #000080;
+ font-size: 116%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal
+}
+
+h5
+{
+ color: #000080;
+ font-size: 100%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal
+}
+
+h6
+{
+ color: #000080;
+ font-size: 83%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal
+}
+
+code
+{
+ font-family: "Courier New", Courier, monospace;
+ font-size: 90%;
+ color: #000000
+}
+
+dd
+{
+ margin-top: 0.8em;
+ margin-bottom: 0.8em;
+ text-align: justify
+
+}
+
+dt
+{
+ margin-top: 0.8em;
+ font-family: Arial, Helvetica, sans-serif;
+ color: #000080
+}
+
+ol
+{
+ margin-top: 0.5em;
+ margin-bottom: 0.5em
+}
+
+ol.alpha
+{
+ list-style-type: lower-alpha
+}
+
+li
+{
+ margin-top: 0.25em;
+ margin-bottom: 0.25em;
+ text-align: justify
+}
+
+a:hover
+{
+ color: #990000
+}
+
+
+.title
+{
+ text-align: left;
+ font-size: 167%;
+ color: #000080;
+ font-family: Arial, Helvetica, sans-serif;
+ margin-top: 0.4em;
+ margin-bottom: 0.4em
+}
+
+.subtitle
+{
+ text-align: left;
+ font-size: 133%;
+ color: #000080;
+ font-family: Arial, Helvetica, sans-serif;
+ margin-top: 0.4em;
+ margin-bottom: 0.4em
+}
+
+.glossaryTerm
+{
+ font-style: italic;
+ color: #006699
+}
+
+.example
+{
+ font-family: "Courier New", monospace;
+ background-color: #CCFFFF;
+ color: #000000;
+ margin: 0pt 0pt;
+ border: #008000 none
+}
+
+.schema
+{
+ font-family: "Courier New", monospace;
+ background-color: #FFFFCC;
+ color: #000000;
+ margin: 0pt 0pt;
+ border: #008000 none
+}
+
+.documentinfo
+{
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 100%;
+}
+
+.ol-contents
+{
+ font-size: 100%;
+ margin-top: 0.0em;
+ margin-bottom: 0.0em;
+}
+
+.li-contents
+{
+ font-size: 100%;
+ margin-top: 0.0em;
+ margin-bottom: 0.0em;
+}
+
+.logoTitle
+{
+ text-align: center;
+ font-size: 133%;
+ color: #000080;
+ font-family: Arial, Helvetica, sans-serif;
+}
+
+.logoTable
+{
+ margin-bottom: 0px;
+ margin-left: 0px
+}
+
+.superscript
+{
+ vertical-align: super;
+ font-size: 66%;
+}
+
+.term
+{
+ font-style: italic;
+}
+
+.comment
+{
+ color: #000000;
+ background: #ffff00;
+ font-style: italic
+}
+
+.addedErrata12
+{
+ color: #FF0000;
+ background-color: #FFEEEE;
+ text-decoration: underline
+}
+
+.deletedErrata12
+{
+ color: #999999;
+ background-color: #EEEEEE;
+ text-decoration: line-through
+}
+
+.added12
+{
+ color: #FF0000;
+ text-decoration: underline
+; background-color: #F8F0FF
+}
+
+.deleted12
+{
+ color: #999999;
+ text-decoration: line-through
+; background-color: #f8f0ff
+}
+
+.rfc2119Keyword
+{
+ font-variant: small-caps;
+ font-style: normal;
+}
+
+.remark { font-style: italic}
+
+li.faq
+{
+ margin-top: 1.5em;
+ margin-bottom: 1.5em;
+}
+
+.faq-question
+{
+ color: #000080;
+ font-size: 100%;
+ font-family: Arial, Helvetica, sans-serif;
+ font-weight: normal;
+ margin-bottom: 0.4em;
+}
+*/
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
deleted file mode 100644
index 622f6c255..000000000
--- a/id/server/auth/src/main/webapp/css/index.css
+++ /dev/null
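Review bot: In common/MOA.css the `body` rule declares `text`, `link`, `vlink` and `alink`, which are legacy HTML `<body>` attributes and not CSS properties, so browsers ignore those four declarations and the intended text and link colours are never applied. Use `color: #000000;` on `body` and move the link colours into `a:link`, `a:visited` and `a:active` rules. The second half of the new file is a complete copy of the stylesheet wrapped in a single `/* … */` comment, apparently an earlier version with different heading colours; dropping it would roughly halve the file and avoid later edits landing in the dead copy.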
@@ -1,451 +0,0 @@ - @charset "utf-8"; - - @media screen and (min-width: 650px) { - - body { - margin:0; - padding:0; - color : #000; - background-color : #fff; - font-family : Verdana, Geneva, Arial, sans-serif; - font-size:76%; - text-align: center; - background-color: #6B7B8B; - } - - #page { - display: block; - border: 2px solid rgb(0,0,0); - width: 650px; - height: 440px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255,255,255); - } - - #page1 { - text-align: center; - } - - #main { - /* clear:both; */ - position:relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - - #leftcontent { - /*float:left; */ - width:250px; - margin-bottom: 25px; - text-align: left; - border: 1px solid rgb(0,0,0); - } - - h2#tabheader.full { - padding:5px; - font-size:20px; - color:#fff; - border-bottom:2px solid #fff; - } - - #selectArea.full { - font-size: 15px; - padding-bottom: 65px; - } - - #leftcontent.full { - width: 400px; - margin-top: 30px; - } - - #main.full { - width: 400px; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - - #leftbutton.full { - width: 30%; - float:left; - margin-left: 40px; - } - - #rightbutton.full { - width: 30%; - float:right; - margin-right: 45px; - text-align: right; - } - - } - - @media screen and (max-width: 649px) { - - body { - margin:0; - padding:0; - color : #000; - background-color : #fff; - font-family : Verdana, Geneva, Arial, sans-serif; - font-size:76%; - text-align: center; - background-color: #FFFFFF; - } - - #page { - visibility: hidden; - margin-top: 0%; - - } - - #page1 { - visibility: hidden; - } - - #main { - visibility: hidden; - } - - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - - #leftcontent { - visibility: 
visible; - margin-bottom: 0px; - text-align: left; - border:none; - width:250px; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - } - - * { - margin:0; - padding:0; - border:0; - } - - - /* skiplink */ - - #skiplinks { - position:relative; - } - - p#skiplinks a { - - position: absolute; - top: -999em; - left: -999em; - height: 0; - width: 0; - overflow: hidden; - } - - p#skiplinks a:focus, - p#skiplinks a:hover, - p#skiplinks a:active { - height: auto; - width:auto; - left: 0; - top: 0; - padding: 4px; - position: absolute; - overflow: visible; - text-decoration: none; - z-index: 100; - } - - /*layout */ - - #wrapper { - min-width:746px; - max-width:1258px; - padding: 0 10px; - } - - #banner { - width:100%; - min-height:100px; - padding-top:20px; - position:relative; - } - - #bannerleft { - float:left; - } - - #bannerleft h1 { - font-size:2em; - padding-top:10px; - } - - #bannerright { - float:right; - } - - /* left */ - - .iframebkuselection { - text-align: center; - padding-bottom: 25px; - background-color : #DDDDDD; - } - - h2#tabheader, h2#contentheader { - padding-bottom: 2px; - padding-right: 2px; - padding-top: 2px; - padding-left: 5px; - font-size:1.1em; - color:#fff; - border-bottom:2px solid #fff; - } - - #selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; - } - - .setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - #leftbutton { - width: 35%; - float:left; - margin-left: 15px; - } - - #rightbutton { - width: 35%; - float:right; - margin-right: 25px; - text-align: right; - } - - #stork { - margin-bottom: 10px; - margin-top: 5px; - } - - #bkulogin { - overflow:hidden; - width:250px; - padding-top: 10px; - } - - #bkukarte { - float:left; - background: url(../img/karte.gif) no-repeat top center; - padding: 90px 10px 10px 10px; - text-align:center; - width:40%; - } - - #bkuhandy 
{ - float:right; - background: url(../img/handy.gif) no-repeat top center; - padding: 90px 10px 10px 10px; - text-align:center; - width:40%; - } - - #mandate{ - text-align:center; - padding : 5px 5px 5px 5px; - } - - button { - background: #efefef; - border:1px solid #000; - cursor: pointer; - } - - input { - background: #efefef; - border:1px solid #000; - cursor: pointer; - } - - #installJava, #BrowserNOK { - clear:both; - font-size:0.8em; - padding:4px; - } - - #localBKU { - padding:4px; - } - - .selectText{ - - } - - .selectTextHeader{ - - } - - .sendButton { - background-color: DarkGray; - border-style: solid; - border-width: 1px; - border-color: black; - } - - - #tab { - margin-top:2px; - padding:2px; - clear:both; - } - - #leftcontent a { - text-decoration:none; - color: #000; - /* display:block;*/ - padding:4px; - } - - #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { - text-decoration:underline; - color: #000; - } - - #navlist { - margin-top:20px; - } - - #navlist ul { - list-style: none; - margin-left: 0; - } - - #navlist li { - border-bottom:1px solid #fff; - } - - iframe { - width:250px; - height: 180px - } - - /* right */ - - #rightcontent { - float:right; - width:220px; - } - - #centercontent { - width:auto; - margin: 0 230px; - } - - /* center */ - - #content { - padding:20px; - } - - #content a { - text-decoration:underline; - color: #000; - } - - #content a:hover, #content a:focus, #content a:active { - text-decoration:underline; - color: #000; - } - - p { - margin-bottom:1em; - } - - .lightblock{ - text-align : left; - padding : 5px 5px 5px 5px; - } - - - #mandateLogin { - vertical-align: middle; - } - - - .infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; - } - - - /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */ - .hell { - background-color : 
#DDDDDD; - } - - /* [OPTIONAL] Geben Sie hier die Farbe fuer den dunklen Hintergrund an */ - .dunkel { - background-color: #A02D2D; - } - - /* [OPTIONAL] Geben Sie hier die Farbe fuer Links an */ - #leftcontent a, #content a { - color: white; - } - - .main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; - - } - - @media print { - #wrapper { width:100%;} - #banner {width:640px;} - #rightcontent {display: none;} - #centercontent {width:400px; margin-right:0;} - } diff --git a/id/server/auth/src/main/webapp/errorpage-auth.jsp b/id/server/auth/src/main/webapp/errorpage-auth.jsp deleted file mode 100644 index 07f3e7f69..000000000 --- a/id/server/auth/src/main/webapp/errorpage-auth.jsp +++ /dev/null @@ -1,50 +0,0 @@ - -<%@ page contentType="text/html; charset=UTF-8" %> - - -Ein Fehler ist aufgetreten - -<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown"); - String errorMessage = (String)request.getAttribute("ErrorMessage"); - String wrongParameters = (String)request.getAttribute("WrongParameters"); -%> - - -

Fehler bei der Anmeldung

-

Bei der Anmeldung ist ein Fehler aufgetreten.

- -<% if (errorMessage != null) { %> -

-<%= errorMessage%>
-

-<% } %> -<% if (exceptionThrown != null) { %> -

-<%= exceptionThrown.getMessage()%> -

-<% } %> -<% if (wrongParameters != null) { %> -

Die Angabe der Parameter ist unvollständig.

- <%= wrongParameters %>
-

- Beispiele für korrekte Links zur MOA-ID Authentisierung sind: -

-

-<a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"> -

-

-<a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"> -

-

-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des Target Parameters: -

-

-<a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"> -

-

-<a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"> -

-

Die Angabe der Parameter "Template" und "BKUSelectionTemplate" ist optional.

-<% } %> - - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html deleted file mode 100644 index b5936679f..000000000 --- a/id/server/auth/src/main/webapp/iframeHandyBKU.html +++ /dev/null @@ -1,58 +0,0 @@ - - - - iFrame Handy BKU - - - - - - - Bitte warten... -
- - - - -
-
- - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html deleted file mode 100644 index 0b6e7d71f..000000000 --- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html +++ /dev/null @@ -1,67 +0,0 @@ - - - - iFrame Online BKU - - - - - - - Bitte warten... -
- - - - -
-
- - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/img/bk_aktivieren.jpg b/id/server/auth/src/main/webapp/img/bk_aktivieren.jpg deleted file mode 100644 index a6436dc72..000000000 Binary files a/id/server/auth/src/main/webapp/img/bk_aktivieren.jpg and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/handy.gif b/id/server/auth/src/main/webapp/img/handy.gif deleted file mode 100644 index 5aeb542db..000000000 Binary files a/id/server/auth/src/main/webapp/img/handy.gif and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/karte.gif b/id/server/auth/src/main/webapp/img/karte.gif deleted file mode 100644 index ee9ab7cad..000000000 Binary files a/id/server/auth/src/main/webapp/img/karte.gif and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/logo.jpg b/id/server/auth/src/main/webapp/img/logo.jpg deleted file mode 100644 index bafbccc84..000000000 Binary files a/id/server/auth/src/main/webapp/img/logo.jpg and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/mobile-bku.png b/id/server/auth/src/main/webapp/img/mobile-bku.png deleted file mode 100644 index 697514273..000000000 Binary files a/id/server/auth/src/main/webapp/img/mobile-bku.png and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/online-bku.png b/id/server/auth/src/main/webapp/img/online-bku.png deleted file mode 100644 index d7d524999..000000000 Binary files a/id/server/auth/src/main/webapp/img/online-bku.png and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/stork-logo.png b/id/server/auth/src/main/webapp/img/stork-logo.png deleted file mode 100644 index 70355a084..000000000 Binary files a/id/server/auth/src/main/webapp/img/stork-logo.png and /dev/null differ 
diff --git a/id/server/auth/src/main/webapp/img/valid-html5-blue.png b/id/server/auth/src/main/webapp/img/valid-html5-blue.png deleted file mode 100644 index 91ebe3e87..000000000 Binary files a/id/server/auth/src/main/webapp/img/valid-html5-blue.png and /dev/null differ diff --git a/id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg b/id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg deleted file mode 100644 index 2cd65412e..000000000 Binary files a/id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg and /dev/null differ diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index eee3cd69a..937ae0098 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -1,14 +1,102 @@ - - - - - - MOA-ID 2.0 Mainpage - - - - - - - - \ No newline at end of file + + + + + MOA-ID 2.0 RC1 + + + + + + + + + +
Logo BKADokumentationLogo EGIZ
+
+

MOA-ID 2.0 RC1

+
+

Inhalt

+
    +
  1. Allgemeines +
      +
    1. Externe Services
    2. +
    +
  2. +
  3. MOA-ID-Auth +
      +
    1. Ablauf einer Anmeldung
    2. +
    +
  4. +
  5. MOA-ID-Configuration
  6. +
+
+

1 Allgemeines

+

Das Module MOA-ID-Auth kann von Anwendungen zur Identifizierung und Authentifizierung im Rahmen eines Anmeldeprozesses an einer Online-Applikation verwendet werden. Die Konfiguration des Modules MOA-ID-Auth erfolgt mit Hilfe des Zusatzmodules MOA-ID-Configuration welches eine web-basierte Konfigurationsschnittstelle zur Verfügung stellt.

+

Das nachfolgende Blockdiagramm zeigt Struktur von MOA-ID und gibt eine kurze Beschreibung der einzelnen Komponenten.

+

Architektur MOA-ID

+

 

+

MOA-ID besteht aus folgenden Kernkomponenten:

+
    +
  1. CORE LOGIC: Diese Komponente ist die zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.
  2. +
  3. Protocol Adapter: Stellt die in MOA-ID 2.x unterstützten Authentifizierungsprotokolle für die Anbindung von Service Providern zur Verfügung.
  4. +
  5. Auth Sources: Stellt die von MOA-ID 2.x unterstützte Identifikationsmechanismen zur Verfügung. Dies sind die österreichische Bürgerkarte oder Handy-Signatur sowie die Anmeldung ausländischer Personen mit Hilfe des STORK Protokoll.
  6. +
  7. Template Generator: Der Template Generator erzeugt für Service Provider die entsprechenden Login-Masken für die Integration in die eigene Web-Applikation.
  8. +
  9. SSO Module: Das Single Sign-On (SSO) Modul verwaltet die zusätzlichen Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst im Besonderen das SSO Session-Management.
  10. +
  11. Statistic Module: Dieses Modul dient zur Generierung von anonymisierten Statistikdaten aus den Anmeldeinformationen.
  12. +
  13. Monitoring & Testing Module: Dieses Modul implementiert Methoden mit deren Hilfe einzelne funktionale Bereiche aus MOA-ID-Auth getestet werden können. Somit dient dieses Modul als Schnittstellte zu einem externen Monitoring-Service.
  14. +
  15. Configuration Modul: Dieses Modul stellt die Schnittstelle zur MOA-ID-Auth Konfiguration dar welche in einer Datenbank abgelegt wird.
  16. +
  17. Konfigurationstool: Oberfläche, mit deren Hilfe MOA-ID konfiguriert werden kann. Dies umfasst sowohl allgemeine Konfigurationsteile als auch die Konfiguration der einzelnen bei MOA-ID-Auth registrierten Online-Applikationen. Service Provider können sich am Konfigurationstool mittels Bürgerkarte oder Handy-Signatur anmelden und ihre Online-Applikationen verwalten.
  18. +
+

1.1 Externe Services

+

Für die Anmeldung in Vertretung und die Anmeldung ausländischer Personen werden zusätzliche externe Services verwendet.

+

1.1.1 Online-Vollmachten

+

Ab der MOA-ID Release 1.5.0 werden Online-Vollmachten (für Anwendungen aus dem öffentlichen Bereich) unterstützt. Hierzu werden diese Vollmachten über eine Online-Vollmachten-Service ausgewählt. Der Zugang zu diesem Online-Vollmachten Service ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert.

+

1.1.2 Ausländische Bürger

+

Ab der MOA-ID Release 1.4.7 ist es möglich, dass sich auch ausländische Bürger mittels MOA-ID einloggen können. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausländischen Bürgers eine Eintragung im Ergänzungsregister für natürliche Personen gemäß E-Government Gesetz §6(5) vornimmt. Somit ist es möglich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. Der Zugang zu diesem Stammzahlenregister-Gateway ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert.

+

2 MOA-ID-Auth

+

Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit Bürgerkartem, Handy-Signatur oder für ausändische Personen mittels STORK.

+

Die Funktionalität und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel Protokolle beschriebe. +

Für den Betrieb von MOA-ID-Auth ist der Einsatz von MOA-Signaturprüfung (MOA-SP) erforderlich.

+

2.1 Ablauf einer Anmeldung

+

Die nachfolgende Grafik beschreibt den Ablauf eines Abmeldevorgangs an einer Online-Applikation mit Hilfe von MOA-ID-Auth unter Verwendung der Bürgerkarte oder der Handy-Signatur.

+

Sequenzdiagramm eines Anmeldevorgangs mit MOA-ID-Auth

+

 

+
    +
  1. Der Benutzer verbindet sich zu einem Web-Portal (Service Provider) über das die Online-Applikation erreichtbar ist. Nach der Betätigung eines Login-Buttons wird der Anmeldevorgang ausgelöst.
  2. +
  3. Der Benutzer wird zur Identifizierung und Authentifizierung an MOA-ID-Auth weitergeleitet.
  4. +
  5. MOA-ID-Auth validiert die Authentifizierungsanfrage des Service Providers
  6. +
  7. MOA-ID-Auth bietet dem Benutzer eine Auswahl von verfügbaren Authentifizierungsmethoden (Bürgerkarte, Handy-Signatur, STORK) an.
  8. +
  9. Der Benutzer wählt die gewünschte Authentifizierungsmethode und sendet diese an MOA-ID-Auth.
  10. +
  11. MOA-ID-AUTH erzeugt eine HTML-Seite mit einem <InfoboxReadRequest> zum Auslesen der Personenbindung. Diese HTML-Seite wird an den Browser geschickt.
  12. +
  13. Der Browser schickt den <InfoboxReadRequest> an die ausgewählte Bürgerkartenumgebung unter Verwendung des Security-Layer. Die Bürgerkartenumgebung liest die Personenbindung von der Bürgerkarte und sendet diese an MOA-ID-AUTH. MOA-ID-Auth prüft die Signatur der Personenbindung durch einen Aufruf von MOA-SP.
  14. +
  15. MOA-ID-AUTH erstellt den AUTH-Block. Der AUTH-Block enthält Vor- und Nachname aus der Personenbindung, URL von MOA-ID-AUTH, URL und Geschäftsbereich der Online-Applikation oder im Falle einer SSO Anmeldung die URL und den Geschäftsbereich der MOA-ID-Auth Instanz, die aktuelle Zeit, das aktuelle Datum und einen Zufallswert für diesen Anmeldevorgang. Anschließend wird eine XML Antwortseite, die das Kommando zum Signieren (<CreateXMLSignatureRequest>) des generierten AUTH-Blocks enthält, an die ausgewählte Bürgerkartenumgebung, unter Verwendung des Security-Layers, gesendet.
  16. +
  17. Der Request wird von der Bürgerkartenumgebung verarbeitet. Die signierten Daten werden an MOA-ID-AUTH zurückgesendet.
  18. +
  19. MOA-ID-Auth überprüft den signierten AUTH-Block und generiert Information für weitere Anmeldungen mittels Single Sign-On.
  20. +
  21. MOA-ID-Auth generiert die Anmeldedaten (Assertion) welche folgende Information enthalten: +
      +
    • die bereichsspezifischen Personenkennzeichen (bPK / wbPK)
    • +
    • Vorname, Nachname und Geburtsdatum (optional)
    • +
    • den signierten AUTH-Block (optional)
    • +
    • die Personenbindung (optional)
    • +
    • das Zertifikat mit dem die Signatur erzeugt wurde (optional)
    • +
    • informationen zum Vertreten im Falle einer Anmeldung in Vertretung (optional)
    • +
    • die elektronische Vollmacht im Falle einer Anmeldung in Vertretung (optional)
    • +
    • informationen aus dem STORK Protokoll im Falle einer Anmeldung mittels STORK (optional)
    • +
    +
  22. +
  23. MOA-ID-Auth sendet die Anmeldedaten an den Service-Provider und setzt im Browser des Benutzers ein SSO Session-Tokken welches für weitere Anmeldevorgänge verwendet werden kann.
  24. +
  25. Die Anmeldedaten werden vom Service-Provider verarbeitet und der Benutzer wird vom Service-Provider an die Online-Applikation weitergeleitet.
  26. +
+

3 MOA-ID-Configuration

+

Das Modul MOA-ID-Configuration stellt eine web-basierte Benutzerschnittstelle zur Konfiguration des Moduls MOA-ID-Auth zur Verfügung, wobei sich die Konfiguration in zwei Teilbereiche unterteilt ist. Eine detailierte Aufstellung der einzelnen Konfigurationspunkte befindet sich im Kapitel Konfiguration.

+
    +
  1. Allgemeine Konfiguration
    + In diesem Bereich sind alle Basiseinstellungen der MOA-ID-Auth Instanz hinterlegt. Beispiele hierfür sind Single Sign-On, unterstütze Authentifizierungsprotokolle, Informationen zu MOA-ID-Auth, URLs zu externen Services, ... Eine Änderung der Basiseinstellung erfordert besondere Benutzerrechte am Konfigurationstool.
  2. +
  3. Online-Applikationen
    + In diesem Abschnitt erfolgt die Konfiguration der einzelnen bei MOA-ID-Auth registrierten Service-Provider. Hierbei handelt es sich um authentifizierungsprotkollspezifische Einstellungen, Bereich des Service-Providers (öffentlich / Privatwirtschaftlich), Konfiguration der BKU Auswahl, .... Wobei sich die Konfigurationsmöglichkeiten je nachdem welche Benutzerrechten vergeben sind, unterscheiden können.
  4. +
+

Zusätzlich unterstützt das Module MOA-ID-Configuration auch eine einfache Bentzerverwaltung mit Rechtevergabe mit deren Hilfe die Verwaltung von Online-Applikatioen an den jeweiligen Service-Provider ausgelagert werden kann. Die Anmeldung am Konfigurationstool erfolgt mittels Bürgerkarte, Handy-Signature oder STORK, wobei optional auch eine Anmeldung mittels Benutzername und Passwort zur Verfügung steht.

+

 

+ + diff --git a/id/server/auth/src/main/webapp/info_bk.html b/id/server/auth/src/main/webapp/info_bk.html deleted file mode 100644 index 59aea64cb..000000000 --- a/id/server/auth/src/main/webapp/info_bk.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - Information - - - - - -
- - -
-
-

- Informationen zur Bürgerkarte -

-
-

- Hinweis: - Für natürliche Personen ist beim Login mit Bürgerkarte keine Erstanmeldung erforderlich. -

-

- Um mit der Bürgerkarte einsteigen zu können, benötigen Sie: -

-
    -
  • - eine Chipkarte, die für die Verwendung als Bürgerkarte geeignet ist, wie zum Beispiel Ihre e-card, Bankomatkarte oder Signaturkarte von A-Trust -
  • -
  • - einen Kartenleser mit den dazugehörigen Treibern -
  • -
  • - eine Bürgerkartensoftware (BKU) -
  • -
-

 

-

oder

-
    -
  • - ein Mobiltelefon, das zur Nutzung als Handysignatur registriert ist. -
  • -
-

  -

-

Als Bürgerkartensoftware stehen Ihnen folgende drei Varianten zur Verfügung: -

-
    -
  • Lokale BKU: Diese Software wird lokal auf Ihrem Computer installiert. Die Software finden sie unter http://www.buergerkarte.at/download.de.php -
  • -
  • Online BKU: Mit der Online BKU wird keine lokale Bürgerkartensoftware am PC benötigt. Über JAVA Technologien werden die benötigten Funktionen als Applet im Browser ausgeführt. Einzige Voraussetzung ist eine aktuelle JAVA Version (ab Java 6). -
  • -
  • Handysignatur: Mit der Handysignatur können Sie sich mittels ihres Mobiltelefons anmelden. Voraussetzung ist eine vorherige Registrierung. Mehr Informationen hierzu finden Sie auf: https://www.handy-signatur.at/
    -
    - Informationen zur Bürgerkarte finden Sie hier: -
  • -
- -

-
- Hier bekommen Sie Ihre Bürgerkarte: -

-
    -
  • - A-Trust: Aktivieren der Bankomatkarte/e-card als Bürgerkarte oder Registrierung ihres Mobiltelefons als Bürgerkarte oder Ausstellung einer eigenen Bürgerkarte -
  • -
-

- zurück -

-
-
-
-
- - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/info_mandates.html b/id/server/auth/src/main/webapp/info_mandates.html deleted file mode 100644 index c46b91636..000000000 --- a/id/server/auth/src/main/webapp/info_mandates.html +++ /dev/null @@ -1,58 +0,0 @@ - - - - Information - - - - - -
- - -
-
-

- Information zur Anmeldung mittels elektronischer Vollmacht -

-
-

-

Aktivieren Sie das Kästchen "in Vertretung anmelden", - wenn Sie sich als Vertreter für eine andere Person anmelden möchten. Das Vollmachtenservice - der Stammzahlenregisterbehörde bietet Ihnen Ihre verfügbaren Vollmachten zur Auswahl an.

- - -

Das Service zum Eintragen einer Vollmacht zwischen zwei natürlichen Personen können Sie - unter dem Hyperlink Bilaterale Vollmacht - eintragen.

- -

Als Organwalter (gemäß § 5 Abs. 3 E-GovG) und berufsmäßige Parteinvertreter, - aktivieren Sie bitte ebenfalls das Kästchen "in Vertretung anmelden".

- - -

Hinweis: Welche Vollmachten Ihnen bei der jeweiligen - Bürgerkartenapplikation zur Verfügung stehen, hängt vom Anwendungsbetreiber ab.

-

-
-
-
-
- - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/info_stork.html b/id/server/auth/src/main/webapp/info_stork.html deleted file mode 100644 index 2bdf62711..000000000 --- a/id/server/auth/src/main/webapp/info_stork.html +++ /dev/null @@ -1,42 +0,0 @@ - - - - Information (STORK) - - - - - -
- - -
-

- Information using STORK for secure authentication -

-
- -

The STORK project makes it easier for citizens to access online public services across borders by implementing Europe-wide interoperable cross border platforms for the mutual recognition of national electronic identity (eID) between participating countries.

-

For more information, please consult the STORK website:

https://www.eid-stork2.eu/ -
-
-
- - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/message-auth.jsp b/id/server/auth/src/main/webapp/message-auth.jsp deleted file mode 100644 index 0c28c1ba7..000000000 --- a/id/server/auth/src/main/webapp/message-auth.jsp +++ /dev/null @@ -1,20 +0,0 @@ - -<%@ page contentType="text/html; charset=UTF-8" %> - - -MOA-ID AUTH - -<% String message = (String)request.getAttribute("Message"); -%> - - -

MOA-ID AUTH

- -<% if (message != null) { %> -

-<%= message%>
-

-<% } %> - - - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html deleted file mode 100644 index 91f7fad6f..000000000 --- a/id/server/auth/src/main/webapp/template_handyBKU.html +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - -
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: - - - - - - - - - - - - - -
- -
- - -
-
-
- - \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html deleted file mode 100644 index f197d2c5c..000000000 --- a/id/server/auth/src/main/webapp/template_localBKU.html +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - -
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: - - - - -
- -
- - -
- -
-
- - diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html deleted file mode 100644 index 534d3dc55..000000000 --- a/id/server/auth/src/main/webapp/template_onlineBKU.html +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - -
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: - - - - - - - - - - - - -
- -
- - -
-
-
- - -- cgit v1.2.3 From 5e0ac460325314322123b66cd317009a474cef7c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Mar 2014 20:37:12 +0100 Subject: solve commit errors --- .../auth/src/main/webapp/META-INF/MANIFEST.MF | 2 + .../src/main/webapp/WEB-INF/server-config.wsdd | 29 +++ .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 81 +++++++ id/server/auth/src/main/webapp/WEB-INF/web.xml | 257 +++++++++++++++++++++ 4 files changed, 369 insertions(+) create mode 100644 id/server/auth/src/main/webapp/META-INF/MANIFEST.MF create mode 100644 id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd create mode 100644 id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml create mode 100644 id/server/auth/src/main/webapp/WEB-INF/web.xml (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF new file mode 100644 index 000000000..58630c02e --- /dev/null +++ b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF @@ -0,0 +1,2 @@ +Manifest-Version: 1.0 + diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd new file mode 100644 index 000000000..121ec3cf9 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd @@ -0,0 +1,29 @@ + + + + + + + + + urn:oasis:names:tc:SAML:1.0:protocol + + + /resources/wsdl/MOA-ID-1.x.wsdl + + + + + + + + + + + + + + diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml new file mode 100644 index 000000000..2f17c7d98 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml 
@@ -0,0 +1,81 @@ + + + + + + + + + The rule means that requests to /test/status/ will be redirected to + /rewrite-status + the url will be rewritten. + + /test/status/ + %{context-path}/rewrite-status + + + + + ^/StartAuthentication$ + /dispatcher?mod=id_saml1&action=GetArtifact + + + ^/StartAuthentication\?(.*)$ + /dispatcher?mod=id_saml1&action=GetArtifact&$1 + + + + ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ + /dispatcher?mod=$1&action=$2 + + + ^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$ + /dispatcher?mod=$1&action=$2&$3 + + + + + ^/pvp2/metadata$ + /dispatcher?mod=id_pvp2x&action=Metadata&%{query-string} + + + ^/pvp2/redirect$ + /dispatcher?mod=id_pvp2x&action=Redirect&%{query-string} + + + ^/pvp2/post$ + /dispatcher?mod=id_pvp2x&action=Post&%{query-string} + + + ^/PVP2Soap$ + /dispatcher?mod=id_pvp2x&action=Soap + + + + ^/oauth2/auth\\?(.*)$ + /dispatcher?mod=id_oauth20&action=AUTH&%{query-string} + + + ^/oauth2/token\\?(.*)$ + /dispatcher?mod=id_oauth20&action=TOKEN&%{query-string} + + + + + + The outbound-rule specifies that when response.encodeURL is called (if + you are using JSTL c:url) + the url /rewrite-status will be rewritten to /test/status/. + + The above rule and this outbound-rule means that end users should never + see the + url /rewrite-status only /test/status/ both in thier location bar and in + hyperlinks + in your pages. + + /rewrite-status + /test/status/ + + + diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 000000000..0ef8a568c --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml 
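Review bot: The two OAuth rules use `^/oauth2/auth\\?(.*)$` and `^/oauth2/token\\?(.*)$`, where `\\?` makes a literal backslash optional instead of matching `?` the way `^/StartAuthentication\?(.*)$` does further up. As written, any path that merely begins with `/oauth2/auth` or `/oauth2/token` is dispatched to `id_oauth20`, which is wider than an authorization or token endpoint should accept. Both rules already append `%{query-string}`, so anchoring them like the pvp2 rules, `^/oauth2/auth$` and `^/oauth2/token$`, would be the tighter form. The rule markup is stripped in this rendering, so confirm in the file whether the query string is part of the matched URL before changing the pattern.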
@@ -0,0 +1,257 @@ + + + + MOA ID Auth + MOA ID Authentication Service + + + GenerateIframeTemplate + GenerateIframeTemplate + Generate BKU Request template + at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet + + + RedirectServlet + RedirectServlet + at.gv.egovernment.moa.id.auth.servlet.RedirectServlet + + + MonitoringServlet + MonitoringServlet + at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet + + + SSOSendAssertionServlet + SSOSendAssertionServlet + at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet + + + LogOut + LogOut + SSO LogOut + at.gv.egovernment.moa.id.auth.servlet.LogOutServlet + 1 + + + VerifyIdentityLink + VerifyIdentityLink + Verify identity link coming from security layer + at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet + + + VerifyCertificate + VerifyCertificate + Verify the certificate coming from security layer + at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet + + + GetMISSessionID + GetMISSessionID + Get the MIS session ID coming from security layer + at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet + + + + GetForeignID + GetForeignID + Gets the foreign eID from security layer + at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet + + + + VerifyAuthBlock + VerifyAuthBlock + Verify AUTH block coming from security layer + at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet + + + + AxisServlet + Apache-Axis Servlet + org.apache.axis.transport.http.AxisServlet + + + + + jspservlet + org.apache.jasper.servlet.JspServlet + + + PEPSConnectorServlet + PEPSConnectorServlet + Servlet receiving STORK SAML Response Messages from + different C-PEPS + + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet + + + + + DispatcherServlet + Dispatcher Servlet + at.gv.egovernment.moa.id.entrypoints.DispatcherServlet + 1 + + + + + at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet + at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet + + + + 
+ + + DispatcherServlet + /dispatcher + + + + + + + + jspservlet + /errorpage-auth.jsp + + + + jspservlet + /message-auth.jsp + + + + + GenerateIframeTemplate + /GenerateIframeTemplate + + + RedirectServlet + /RedirectServlet + + + MonitoringServlet + /MonitoringServlet + + + SSOSendAssertionServlet + /SSOSendAssertionServlet + + + LogOut + /LogOut + + + VerifyIdentityLink + /VerifyIdentityLink + + + VerifyCertificate + /VerifyCertificate + + + GetMISSessionID + /GetMISSessionID + + + GetForeignID + /GetForeignID + + + + + + VerifyAuthBlock + /VerifyAuthBlock + + + + AxisServlet + /services/* + + + PEPSConnectorServlet + /PEPSConnector + + + + + + + UrlRewriteFilter + org.tuckey.web.filters.urlrewrite.UrlRewriteFilter + + + + UrlRewriteFilter + /* + + + + + 5 + + + 500 + /errorpage.jsp + + + + BASIC + UserDatabase + + + + The role that is required to log in to the moa Application + + moa-admin + + -- cgit v1.2.3 From 402eeaea787d7b6197c31852b6bc4b6eea7bc278 Mon Sep 17 00:00:00 2001 
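Review bot: The `500` error-page entry points at `/errorpage.jsp`, but the JSP servlet mappings in this file cover only `/errorpage-auth.jsp` and `/message-auth.jsp`, and no `errorpage.jsp` appears among the files this series adds under `webapp/`. If that page is missing from the deployed WAR, the container's default 500 page is served, which on many setups shows the stack trace to the client. Either point the entry at the page that exists, `<location>/errorpage-auth.jsp</location>`, or add the missing file. This is inferred from the visible file lists only, so check the repository before changing it.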
From: Thomas Lenz Date: Thu, 6 Mar 2014 12:56:18 +0100 Subject: add missing files to MOA-ID-Auth mainpage --- id/server/auth/src/main/webapp/errorpage-auth.jsp | 50 +++++++++++ .../auth/src/main/webapp/img/bk_aktivieren.jpg | Bin 0 -> 30471 bytes id/server/auth/src/main/webapp/img/handy.gif | Bin 0 -> 4460 bytes id/server/auth/src/main/webapp/img/karte.gif | Bin 0 -> 3360 bytes id/server/auth/src/main/webapp/img/logo.jpg | Bin 0 -> 18260 bytes id/server/auth/src/main/webapp/img/mobile-bku.png | Bin 0 -> 4602 bytes id/server/auth/src/main/webapp/img/online-bku.png | Bin 0 -> 6011 bytes id/server/auth/src/main/webapp/img/stork-logo.png | Bin 0 -> 9160 bytes .../auth/src/main/webapp/img/valid-html5-blue.png | Bin 0 -> 3297 bytes .../auth/src/main/webapp/img/w3cvalidhtml5.jpg | Bin 0 -> 1938 bytes id/server/auth/src/main/webapp/index.html | 2 +- id/server/auth/src/main/webapp/info_bk.html | 100 +++++++++++++++++++++ id/server/auth/src/main/webapp/info_mandates.html | 58 ++++++++++++ id/server/auth/src/main/webapp/info_stork.html | 42 +++++++++ .../auth/src/main/webapp/template_handyBKU.html | 38 ++++++++ .../auth/src/main/webapp/template_localBKU.html | 30 +++++++ .../auth/src/main/webapp/template_onlineBKU.html | 37 ++++++++ 17 files changed, 356 insertions(+), 1 deletion(-) create mode 100644 id/server/auth/src/main/webapp/errorpage-auth.jsp create mode 100644 id/server/auth/src/main/webapp/img/bk_aktivieren.jpg create mode 100644 id/server/auth/src/main/webapp/img/handy.gif create mode 100644 id/server/auth/src/main/webapp/img/karte.gif create mode 100644 id/server/auth/src/main/webapp/img/logo.jpg create mode 100644 id/server/auth/src/main/webapp/img/mobile-bku.png create mode 100644 id/server/auth/src/main/webapp/img/online-bku.png create mode 100644 id/server/auth/src/main/webapp/img/stork-logo.png create mode 100644 id/server/auth/src/main/webapp/img/valid-html5-blue.png create mode 100644 id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg create mode 100644 
id/server/auth/src/main/webapp/info_bk.html create mode 100644 id/server/auth/src/main/webapp/info_mandates.html create mode 100644 id/server/auth/src/main/webapp/info_stork.html create mode 100644 id/server/auth/src/main/webapp/template_handyBKU.html create mode 100644 id/server/auth/src/main/webapp/template_localBKU.html create mode 100644 id/server/auth/src/main/webapp/template_onlineBKU.html (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/errorpage-auth.jsp b/id/server/auth/src/main/webapp/errorpage-auth.jsp new file mode 100644 index 000000000..07f3e7f69 --- /dev/null +++ b/id/server/auth/src/main/webapp/errorpage-auth.jsp @@ -0,0 +1,50 @@ + +<%@ page contentType="text/html; charset=UTF-8" %> + + +Ein Fehler ist aufgetreten + +<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown"); + String errorMessage = (String)request.getAttribute("ErrorMessage"); + String wrongParameters = (String)request.getAttribute("WrongParameters"); +%> + + +

Fehler bei der Anmeldung

+

Bei der Anmeldung ist ein Fehler aufgetreten.

+ +<% if (errorMessage != null) { %> +

+<%= errorMessage%>
+

+<% } %> +<% if (exceptionThrown != null) { %> +

+<%= exceptionThrown.getMessage()%> +

+<% } %> +<% if (wrongParameters != null) { %> +

Die Angabe der Parameter ist unvollständig.

+ <%= wrongParameters %>
+

+ Beispiele für korrekte Links zur MOA-ID Authentisierung sind: +

+

+<a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"> +

+

+<a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"> +

+

+Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des Target Parameters: +

+

+<a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"> +

+

+<a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"> +

+

Die Angabe der Parameter "Template" und "BKUSelectionTemplate" ist optional.

+<% } %> + + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/img/bk_aktivieren.jpg b/id/server/auth/src/main/webapp/img/bk_aktivieren.jpg new file mode 100644 index 000000000..a6436dc72 Binary files /dev/null and b/id/server/auth/src/main/webapp/img/bk_aktivieren.jpg differ diff --git a/id/server/auth/src/main/webapp/img/handy.gif b/id/server/auth/src/main/webapp/img/handy.gif new file mode 100644 index 000000000..5aeb542db Binary files /dev/null and b/id/server/auth/src/main/webapp/img/handy.gif differ diff --git a/id/server/auth/src/main/webapp/img/karte.gif b/id/server/auth/src/main/webapp/img/karte.gif new file mode 100644 index 000000000..ee9ab7cad Binary files /dev/null and b/id/server/auth/src/main/webapp/img/karte.gif differ diff --git a/id/server/auth/src/main/webapp/img/logo.jpg b/id/server/auth/src/main/webapp/img/logo.jpg new file mode 100644 index 000000000..bafbccc84 Binary files /dev/null and b/id/server/auth/src/main/webapp/img/logo.jpg differ diff --git a/id/server/auth/src/main/webapp/img/mobile-bku.png b/id/server/auth/src/main/webapp/img/mobile-bku.png new file mode 100644 index 000000000..697514273 Binary files /dev/null and b/id/server/auth/src/main/webapp/img/mobile-bku.png differ diff --git a/id/server/auth/src/main/webapp/img/online-bku.png b/id/server/auth/src/main/webapp/img/online-bku.png new file mode 100644 index 000000000..d7d524999 Binary files /dev/null and b/id/server/auth/src/main/webapp/img/online-bku.png differ diff --git a/id/server/auth/src/main/webapp/img/stork-logo.png b/id/server/auth/src/main/webapp/img/stork-logo.png new file mode 100644 index 000000000..70355a084 Binary files /dev/null and b/id/server/auth/src/main/webapp/img/stork-logo.png differ 
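Review bot: The three expressions `<%= errorMessage%>`, `<%= exceptionThrown.getMessage()%>` and `<%= wrongParameters %>` write request attributes into the page without HTML escaping. `WrongParameters` in particular presumably echoes request parameter names or values, so anything a caller puts in the URL can end up as markup in the error page of the login service. Escape at output, for example `<c:out value="${requestScope.WrongParameters}"/>` if JSTL is available in this webapp, or an HTML-escaping helper around each value. Printing `exceptionThrown.getMessage()` also exposes internal detail to the user and is better replaced by a generic message with the exception written to the server log.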
diff --git a/id/server/auth/src/main/webapp/img/valid-html5-blue.png b/id/server/auth/src/main/webapp/img/valid-html5-blue.png new file mode 100644 index 000000000..91ebe3e87 Binary files /dev/null and b/id/server/auth/src/main/webapp/img/valid-html5-blue.png differ diff --git a/id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg b/id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg new file mode 100644 index 000000000..2cd65412e Binary files /dev/null and b/id/server/auth/src/main/webapp/img/w3cvalidhtml5.jpg differ diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index 937ae0098..05605388c 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -9,7 +9,7 @@ - +
Logo BKADokumentation  Logo EGIZ
diff --git a/id/server/auth/src/main/webapp/info_bk.html b/id/server/auth/src/main/webapp/info_bk.html new file mode 100644 index 000000000..59aea64cb --- /dev/null +++ b/id/server/auth/src/main/webapp/info_bk.html @@ -0,0 +1,100 @@ + + + + Information + + + + + +
+ + +
+
+

+ Informationen zur Bürgerkarte +

+
+

+ Hinweis: + Für natürliche Personen ist beim Login mit Bürgerkarte keine Erstanmeldung erforderlich. +

+

+ Um mit der Bürgerkarte einsteigen zu können, benötigen Sie: +

+
    +
  • + eine Chipkarte, die für die Verwendung als Bürgerkarte geeignet ist, wie zum Beispiel Ihre e-card, Bankomatkarte oder Signaturkarte von A-Trust +
  • +
  • + einen Kartenleser mit den dazugehörigen Treibern +
  • +
  • + eine Bürgerkartensoftware (BKU) +
  • +
+

 

+

oder

+
    +
  • + ein Mobiltelefon, das zur Nutzung als Handysignatur registriert ist. +
  • +
+

  +

+

Als Bürgerkartensoftware stehen Ihnen folgende drei Varianten zur Verfügung: +

+
    +
  • Lokale BKU: Diese Software wird lokal auf Ihrem Computer installiert. Die Software finden sie unter http://www.buergerkarte.at/download.de.php +
  • +
  • Online BKU: Mit der Online BKU wird keine lokale Bürgerkartensoftware am PC benötigt. Über JAVA Technologien werden die benötigten Funktionen als Applet im Browser ausgeführt. Einzige Voraussetzung ist eine aktuelle JAVA Version (ab Java 6). +
  • +
  • Handysignatur: Mit der Handysignatur können Sie sich mittels ihres Mobiltelefons anmelden. Voraussetzung ist eine vorherige Registrierung. Mehr Informationen hierzu finden Sie auf: https://www.handy-signatur.at/
    +
    + Informationen zur Bürgerkarte finden Sie hier: +
  • +
+ +

+
+ Hier bekommen Sie Ihre Bürgerkarte: +

+
    +
  • + A-Trust: Aktivieren der Bankomatkarte/e-card als Bürgerkarte oder Registrierung ihres Mobiltelefons als Bürgerkarte oder Ausstellung einer eigenen Bürgerkarte +
  • +
+

+ zurück +

+
+
+
+
+ + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/info_mandates.html b/id/server/auth/src/main/webapp/info_mandates.html new file mode 100644 index 000000000..c46b91636 --- /dev/null +++ b/id/server/auth/src/main/webapp/info_mandates.html @@ -0,0 +1,58 @@ + + + + Information + + + + + +
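Review bot: The "Lokale BKU" entry sends users to `http://www.buergerkarte.at/download.de.php` for the citizen-card software, while the Handysignatur entry just below uses an `https://` address. Software that handles signature credentials should be offered over an authenticated channel, so the link should use `https://` if the site serves it. Only the link text is visible in this rendering, so the `href` needs the same check.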
+ + +
+
+

+ Information zur Anmeldung mittels elektronischer Vollmacht +

+
+

+

Aktivieren Sie das Kästchen "in Vertretung anmelden", + wenn Sie sich als Vertreter für eine andere Person anmelden möchten. Das Vollmachtenservice + der Stammzahlenregisterbehörde bietet Ihnen Ihre verfügbaren Vollmachten zur Auswahl an.

+ + +

Das Service zum Eintragen einer Vollmacht zwischen zwei natürlichen Personen können Sie + unter dem Hyperlink Bilaterale Vollmacht + eintragen.

+ +

Als Organwalter (gemäß § 5 Abs. 3 E-GovG) und berufsmäßige Parteinvertreter, + aktivieren Sie bitte ebenfalls das Kästchen "in Vertretung anmelden".

+ + +

Hinweis: Welche Vollmachten Ihnen bei der jeweiligen + Bürgerkartenapplikation zur Verfügung stehen, hängt vom Anwendungsbetreiber ab.

+

+
+
+
+
+ + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/info_stork.html b/id/server/auth/src/main/webapp/info_stork.html new file mode 100644 index 000000000..2bdf62711 --- /dev/null +++ b/id/server/auth/src/main/webapp/info_stork.html @@ -0,0 +1,42 @@ + + + + Information (STORK) + + + + + +
+ + +
+

+ Information using STORK for secure authentication +

+
+ +

The STORK project makes it easier for citizens to access online public services across borders by implementing Europe-wide interoperable cross border platforms for the mutual recognition of national electronic identity (eID) between participating countries.

+

For more information, please consult the STORK website:

https://www.eid-stork2.eu/ +
+
+
+ + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html new file mode 100644 index 000000000..91f7fad6f --- /dev/null +++ b/id/server/auth/src/main/webapp/template_handyBKU.html @@ -0,0 +1,38 @@ + + + + + + + + +
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + + + + + + + + + + + + + +
+ +
+ + +
+
+
+ + \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html new file mode 100644 index 000000000..f197d2c5c --- /dev/null +++ b/id/server/auth/src/main/webapp/template_localBKU.html @@ -0,0 +1,30 @@ + + + + + + + + +
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + + + + +
+ +
+ + +
+ +
+
+ + diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html new file mode 100644 index 000000000..534d3dc55 --- /dev/null +++ b/id/server/auth/src/main/webapp/template_onlineBKU.html @@ -0,0 +1,37 @@ + + + + + + + + +
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + + + + + + + + + + + + +
+ +
+ + +
+
+
+ + -- cgit v1.2.3 From 3075521544ff79c5fa0d740c6b388bfeab58b8c5 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Wed, 12 Mar 2014 09:57:37 +0100 Subject: storing datacontainer in temporary storage before redirecting --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ .../moa/id/protocols/stork2/ConsentEvaluator.java | 25 ++++++++++++++++++++++ .../moa/id/protocols/stork2/STORKProtocol.java | 4 ++-- 3 files changed, 31 insertions(+), 2 deletions(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index d6df363c5..461ff7efc 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -60,6 +60,10 @@ ^/stork2/ResumeAuthentication$ /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string}
+ + ^/stork2/CompleteAuthentication$ + /dispatcher?mod=id_stork2&action=ConsentEvaluator&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 9745d81c5..8b7bcf0c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -1,21 +1,27 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.StringWriter; +import java.util.ArrayList; +import java.util.HashMap; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.PEPSUtil; +import eu.stork.peps.auth.commons.PersonalAttribute; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -63,6 +69,25 @@ public class ConsentEvaluator implements IAction { */ public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { // prepare redirect + String newArtifactId; + try { + + // memorize the container again + Logger.debug("prepare putting the container into temporary storage..."); + + // - generate new key + newArtifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); + + // - put container in temporary store. + AssertionStorage.getInstance().put(newArtifactId, container); + + Logger.debug("...successful"); + + } catch (Exception e1) { + // TODO should we return the response as is to the PEPS? + Logger.error("Error putting incomplete Stork response into temporary storage", e1); + throw new MOAIDException("stork.17", null); + } // ask for consent diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index b1c923b9f..19d1c7f15 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -33,7 +33,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { static { actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest()); actions.put(ATTRIBUTE_COLLECTOR, new AttributeCollector()); - actions.put(CONSENT_EVALUATOR, new ConsentEvaluatorSepp()); + actions.put(CONSENT_EVALUATOR, new ConsentEvaluator()); } public String getName() { 
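Review bot: `catch (Exception e1)` around the identifier generation and `AssertionStorage.getInstance().put(newArtifactId, container)` turns every failure, including programming errors, into `stork.17`. Narrowing it to the checked exceptions these two calls declare (the file already imports `MOADatabaseException`) keeps unexpected runtime faults visible. `newArtifactId` becomes the only handle to the stored `DataContainer`, so the code that later resolves it should remove the entry on first use, and the value should stay out of log output. That retrieval is not in this hunk, and `requestConsent` continues past it.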
@@ -65,7 +65,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { MOASTORKRequest STORK2Request = new MOASTORKRequest(); - if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluatorSepp.class.getSimpleName().equals(action)) + if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) return STORK2Request; //extract STORK Response from HTTP Request -- cgit v1.2.3 From 7f896d543b412062935db895c9a951d64d638b5d Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Tue, 18 Mar 2014 16:02:05 +0100 Subject: correcting mandate request --- .../auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 +- .../id/protocols/stork2/AttributeCollector.java | 2 +- .../protocols/stork2/AttributeProviderFactory.java | 7 +- .../id/protocols/stork2/AuthenticationRequest.java | 8 +- .../stork2/MandateAttributeRequestProvider.java | 109 +++++++++++++++++---- 5 files changed, 105 insertions(+), 25 deletions(-) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 461ff7efc..5ed7739ec 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -69,11 +69,11 @@ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} - ^/moa-id-auth/SendPEPSAuthnRequest$ + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} - ^/moa-id-auth/RetrieveMandate$ + ^/stork2/RetrieveMandate$ /dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 1dfccb6c0..e0f14c41d 100644 
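Review bot: In the `urlrewrite.xml` hunk, changing the pattern to `^/stork2/SendPEPSAuthnRequest$` appears to duplicate the rule directly above it, whose `AuthenticationRequest` target is the context line that opens the hunk. The hunk of the preceding commit shows a `^/stork2/SendPEPSAuthnRequest$` rule at this position. A second rule with the same pattern and target is redundant, and `/moa-id-auth/SendPEPSAuthnRequest` is no longer rewritten at all. If the alias is meant to be retired, delete the rule rather than repointing it; the markup is stripped here, so verify against the file.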
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -194,7 +194,7 @@ public class AttributeCollector implements IAction { * @throws MOAIDException */ private void addOrUpdateAll(IPersonalAttributeList target, IPersonalAttributeList source) throws MOAIDException { - Logger.info("Updating " + source.size() + " attributes..."); + Logger.info("Updating " + source.size() + " attribute(s)..."); for (PersonalAttribute current : source) { Logger.debug("treating " + current.getName()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java index a8a9d9677..7fb7a7bc6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProviderFactory.java @@ -41,7 +41,12 @@ public class AttributeProviderFactory { } else if (shortname.equals("SignedDocAttributeRequestProvider")) { return new SignedDocAttributeRequestProvider(url, attributes); } else if (shortname.equals("MandateAttributeRequestProvider")) { - return new MandateAttributeRequestProvider(url, attributes); + try { + return new MandateAttributeRequestProvider(url, attributes); + } catch (Exception ex) { + ex.printStackTrace(); + return null; + } } else { return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 442fa8a5b..88c0e889d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java 
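Review bot: In `AttributeProviderFactory`, the new `catch (Exception ex) { ex.printStackTrace(); return null; }` hides a failed `MandateAttributeRequestProvider` construction behind the same `null` that the final `else` returns for an unknown provider name. The caller therefore cannot tell a misconfigured mandate provider from an unsupported name, and the trace goes to stderr instead of the application log. Catch the declared `MOAIDException`, log it with `Logger.error("Could not create MandateAttributeRequestProvider", ex);` as `ConsentEvaluator` does, and rethrow it or declare it on the factory method. The method starts outside the hunk, so its signature needs checking.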
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -66,12 +66,8 @@ public class AuthenticationRequest implements IAction { Logger.debug("Starting AuthenticationRequest"); moaStorkResponse.setSTORKAuthnResponse(new STORKAuthnResponse()); - // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes()); - STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); - STORKAuthnResponse authnResponse = new STORKAuthnResponse(); Logger.debug("Starting generation of SAML response"); try { @@ -80,6 +76,10 @@ public class AuthenticationRequest implements IAction { // TODO } + // Get personal attributtes from MOA/IdentityLink + moaStorkResponse.setPersonalAttributeList(populateAttributes()); + + } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index 123999166..d3eded934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java 
@@ -1,52 +1,127 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.PersonalAttribute; -import eu.stork.peps.auth.commons.PersonalAttributeList; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.peps.auth.commons.*; +import eu.stork.peps.auth.engine.STORKSAMLEngine; +import eu.stork.peps.exceptions.STORKSAMLEngineException; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.StringWriter; /** - * Provides mandate attribute from MIS - * + * Provides mandate attribute from MIS */ public class MandateAttributeRequestProvider implements AttributeProvider { - /** The destination. */ - private Object destination; + /** + * The destination. + */ + private String destination; - /** The attributes. */ + /** + * The attributes. 
+ */ private String attributes; - public MandateAttributeRequestProvider(String url, String supportedAttributes) { + private String spCountryCode; + + private PersonalAttributeList requestedAttributes; + + public MandateAttributeRequestProvider(String aPurl, String supportedAttributes) throws MOAIDException { Logger.setHierarchy("moa.id.protocols.stork2"); - destination = url; + destination = aPurl; attributes = supportedAttributes; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { - Logger.info("Acquiring attribute: " + this.getClass().getName()); + public String getAttrProviderName() { + return "MandateAttributeRequestProvider"; + } + + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); + this.spCountryCode = spCountryCode; + requestedAttributes = new PersonalAttributeList(1); + requestedAttributes.add(attribute); + // break if we cannot handle the requested attribute - if(!attributes.contains(attribute.getName())) + if (!attributes.contains(attribute.getName())) { + Logger.info("Attribute " + attribute.getName() + " not supported by the provider: " + getAttrProviderName()); throw new UnsupportedAttributeException(); + } PersonalAttributeList result = new PersonalAttributeList(); //return result; + Logger.info("Thrown external request by: " + getAttrProviderName()); throw new ExternalAttributeRequestRequiredException(this); } public void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, OAAuthParameter oaParam) throws MOAIDException { - Logger.info("Redirecting: " + this.getClass().getName()); + 
Logger.setHierarchy("moa.id.protocols.stork2"); + + String spSector = "Business"; + String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); + String spApplication = spInstitution; + + //generate AuthnRquest + STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest(); + attributeRequest.setDestination(destination); + attributeRequest.setAssertionConsumerServiceURL(url); + attributeRequest.setIssuer(HTTPUtils.getBaseURL(req)); + attributeRequest.setQaa(oaParam.getQaaLevel()); + attributeRequest.setSpInstitution(spInstitution); + attributeRequest.setCountry(spCountryCode); + attributeRequest.setSpCountry(spCountryCode); + attributeRequest.setSpApplication(spApplication); + attributeRequest.setSpSector(spSector); + attributeRequest.setPersonalAttributeList(requestedAttributes); + + attributeRequest.setCitizenCountryCode("AT"); + + + Logger.info("STORK AttrRequest successfully assembled."); + + STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("VIDP"); + try { + attributeRequest = samlEngine.generateSTORKAttrQueryRequest(attributeRequest); + } catch (STORKSAMLEngineException e) { + Logger.error("Could not sign STORK SAML AttrRequest.", e); + throw new MOAIDException("stork.00", null); + } + + Logger.info("STORK AttrRequest successfully signed!"); + + try { + Logger.trace("Initialize VelocityEngine..."); + + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm"); + VelocityContext context = new VelocityContext(); + context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(attributeRequest.getTokenSaml())); + context.put("action", destination); + + StringWriter writer = new StringWriter(); + template.merge(context, writer); + + resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { + Logger.error("Error sending STORK SAML AttrRequest.", e); + throw new 
MOAIDException("stork.11", null); + } + Logger.info("STORK AttrRequest successfully rendered!"); } public IPersonalAttributeList parse(HttpServletRequest httpReq) throws UnsupportedAttributeException, MOAIDException { - Logger.info("Parsing attribute: " + this.getClass().getName()); - return null; // } + } + -- cgit v1.2.3 From 658cb68c445d5b73815c43b66dd717483a425ea5 Mon Sep 17 00:00:00 2001 From: Bojan Suzic Date: Fri, 21 Mar 2014 11:23:03 +0100 Subject: service provider url --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'id/server/auth/src') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 5ed7739ec..6f451ec79 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -68,6 +68,10 @@ ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + + ^/stork2/ServiceProvider$ + /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} + ^/stork2/SendPEPSAuthnRequest$ /dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string} -- cgit v1.2.3
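Review bot: In MandateAttributeRequestProvider.acquire(), `attributes.contains(attribute.getName())` is a substring test on the configured string, so a requested name that is only part of a supported name passes the check and leads to the external attribute request. Compare whole names instead, for example `Arrays.asList(attributes.split(",")).contains(attribute.getName())` if the list is comma-separated (the delimiter is not visible in this diff). In performRedirect(), `writer.toString().getBytes()` encodes the POST-binding form with the platform default charset; `getBytes("UTF-8")` with a matching content type on `resp` keeps the output identical across hosts. performRedirect() also relies on `spCountryCode` and `requestedAttributes` having been set by an earlier acquire() call on the same instance, which deserves a comment or a null check.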