From 33a37cce841e6c48ab044cd153aa7ed7cfffc6cc Mon Sep 17 00:00:00 2001
From: Thomas Knall
Date: Wed, 14 Jan 2015 12:41:54 +0100
Subject: Apply some minor fixes. - Add some FIXMEs. - Fix moa-id-auth web.xml and switch to Servlet 3.0. - Fix moa-id-auth logging (replace commons-logging with commons-logging-slf4j bridge, use log4j native binding). - Adjust logging of periodical tasks (no more logging at info level).
---
id/server/auth/pom.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'id/server/auth')
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index dd75ee6aa..7db6ce648 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -112,11 +112,25 @@ axis-wsdl4j axis + + commons-logging + commons-logging + MOA.id.server moa-id-lib + + + commons-logging + commons-logging + + + ch.qos.logback + logback-classic + + eu.stork
@@ -173,6 +187,13 @@ provided + + + org.slf4j + jcl-over-slf4j + 1.7.10 + +
-- cgit v1.2.3
From 92717efaa56e3d0f7c271b91483507cf981b417b Mon Sep 17 00:00:00 2001
From: Thomas Knall
Date: Fri, 16 Jan 2015 10:19:44 +0100
Subject: Add minor fixes and updates. - Fix moa-id-auth web.xml and upgrade to servlet 3.0. - Reformat loginFormFull.html in order to enhance readability. - Add some TODOs and FIXMEs. - Adding some comments to DispatcherServlet in order to ease understanding the process.
---
id/server/auth/src/main/webapp/WEB-INF/web.xml | 71 ++++++++++++++++---------- 1 file changed, 44 insertions(+), 27 deletions(-) (limited to 'id/server/auth')
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 42085b01e..fb3888a3e 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
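Review bot: The `jcl-over-slf4j` bridge added in the second pom.xml hunk only behaves predictably if no real `commons-logging` jar remains on the classpath, and the exclusions visible in the first hunk cover just two dependencies. Any other transitive path would leave two implementations of the same classes in WEB-INF/lib, and which one loads is then container-dependent; for an identity provider that can mean authentication events never reach the configured appenders. A maven-enforcer `bannedDependencies` rule excluding `commons-logging:commons-logging` would make the build fail instead of leaving this to chance. The literal `1.7.10` would also be better taken from the same property or dependencyManagement entry that fixes the slf4j-api version, so the bridge and the API cannot drift apart.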
@@ -1,8 +1,25 @@ - - + MOA ID Auth MOA ID Authentication Service + + + + org.springframework.web.context.ContextLoaderListener + + + + + requestContextFilter + org.springframework.web.filter.RequestContextFilter + + + requestContextFilter + /* + + - GenerateIframeTemplate - GenerateIframeTemplate Generate BKU Request template + GenerateIframeTemplate + GenerateIframeTemplate at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet - RedirectServlet RedirectServlet + RedirectServlet at.gv.egovernment.moa.id.auth.servlet.RedirectServlet - MonitoringServlet MonitoringServlet + MonitoringServlet at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet - SSOSendAssertionServlet SSOSendAssertionServlet + SSOSendAssertionServlet at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet - LogOut - LogOut SSO LogOut + LogOut + LogOut at.gv.egovernment.moa.id.auth.servlet.LogOutServlet - IDPSLO - IDP-SLO IDP Single LogOut Service + IDP-SLO + IDPSLO at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet - VerifyIdentityLink - VerifyIdentityLink Verify identity link coming from security layer + VerifyIdentityLink + VerifyIdentityLink at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - VerifyCertificate - VerifyCertificate Verify the certificate coming from security layer + VerifyCertificate + VerifyCertificate at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - GetMISSessionID - GetMISSessionID Get the MIS session ID coming from security layer + GetMISSessionID + GetMISSessionID at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet - GetForeignID - GetForeignID Gets the foreign eID from security layer + GetForeignID + GetForeignID at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - VerifyAuthBlock - VerifyAuthBlock Verify AUTH block coming from security layer + VerifyAuthBlock + VerifyAuthBlock at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet - AxisServlet Apache-Axis Servlet + AxisServlet 
org.apache.axis.transport.http.AxisServlet
@@ -100,18 +117,18 @@ org.apache.jasper.servlet.JspServlet --> - PEPSConnectorServlet - PEPSConnectorServlet Servlet receiving STORK SAML Response Messages from different C-PEPS + PEPSConnectorServlet + PEPSConnectorServlet at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet - PEPSConnectorWithLocalSigningServlet - PEPSConnectorWithLocalSigningServlet Servlet receiving STORK SAML Response Messages from different C-PEPS + PEPSConnectorWithLocalSigningServlet + PEPSConnectorWithLocalSigningServlet at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet
@@ -124,8 +141,8 @@ 1 --> - DispatcherServlet Dispatcher Servlet + DispatcherServlet at.gv.egovernment.moa.id.entrypoints.DispatcherServlet 1
-- cgit v1.2.3
From 1e0d9d236dec23ed079f043bd87e8b2cd0f87907 Mon Sep 17 00:00:00 2001
From: Christian Maierhofer
Date: Fri, 16 Jan 2015 10:29:11 +0100
Subject: modified moa-id auth start page
---
id/server/auth/src/main/webapp/common/MOA.css | 617 --------------------- .../auth/src/main/webapp/common/logo_digAT.png | Bin 0 -> 22964 bytes id/server/auth/src/main/webapp/common/main.css | 253 +++++++++ id/server/auth/src/main/webapp/index.html | 193 +++---- 4 files changed, 344 insertions(+), 719 deletions(-) delete mode 100644 id/server/auth/src/main/webapp/common/MOA.css create mode 100644 id/server/auth/src/main/webapp/common/logo_digAT.png create mode 100644 id/server/auth/src/main/webapp/common/main.css (limited to 'id/server/auth')
diff --git a/id/server/auth/src/main/webapp/common/MOA.css b/id/server/auth/src/main/webapp/common/MOA.css
deleted file mode 100644
index b7a2b9280..000000000
--- a/id/server/auth/src/main/webapp/common/MOA.css
+++ /dev/null
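Review bot: Moving the descriptor to Servlet 3.0 (first web.xml hunk) turns on annotation and web-fragment scanning unless the root element carries `metadata-complete="true"`; this rendering drops the `<web-app>` tag, so I cannot see whether it does. Without it, any jar in WEB-INF/lib that ships a `web-fragment.xml` or `@WebServlet`/`@WebFilter` classes can add endpoints to the authentication webapp that are not listed in this file. Servlet 3.0 also makes `<session-config><cookie-config><http-only>true</http-only><secure>true</secure></cookie-config></session-config>` available, which is worth adding in the same change if the container does not already set the session cookie flags.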
@@ -1,617 +0,0 @@ -body -{ - font-family: "Times New Roman", Times, serif; - font-size: medium; - font-weight: normal; - margin-left: 2.5em; - margin-right: 2.5em; - background-color: white; - text: #000000; - link: #990000; - vlink: #666666; - alink: #cc9966; -} - - - -p -{ - margin-top: 0pt; - margin-bottom: 0.5em; - text-align: justify -} - -pre -{ - font-family: "Courier New", monospace; - font-size: 90%; - background-color: #cccccc; - color: #000000; - margin-left:1.5%; - margin-right:1.5%; - margin-top: 1em; - margin-bottom: 1em; - border: #008000 none; -} - -hr -{ - color: #000080; - background-color: #000080; - margin-top: 0.5em; - margin-bottom: 0.5em; -} - -table.fixedWidth -{ - width: 97%; - margin-left:1.5%; - margin-right:1.5%; - margin-top: 1em; - margin-bottom: 1em; -} - - -table.varWidth -{ - margin-left:1.5%; - margin-top: 1em; - margin-bottom: 1em; -} - -th -{ - text-align: left; -} - -h1 -{ - color: #000000; - text-align: left; - font-size: 167%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - background-color:#999; -} - -h2 -{ - color: #000000; - font-size: 150%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - background-color:#999; -} - -h3 -{ - color: #000000; - font-size: 133%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - background-color:#999; -} - -h4 -{ - color: #000000; - font-size: 116%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - background-color:#999; -} - -h5 -{ - color: #000000; - font-size: 100%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - background-color:#999; -} - -h6 -{ - color: #000000; - font-size: 83%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - background-color:#999; -} - -code -{ - font-family: "Courier New", Courier, monospace; - font-size: 90%; - color: #000000 -} - -dd -{ - margin-top: 0.8em; - margin-bottom: 0.8em; - text-align: justify - -} - -dt -{ - margin-top: 0.8em; - 
font-family: Arial, Helvetica, sans-serif; - color: #000080 -} - -ol -{ - margin-top: 0.5em; - margin-bottom: 0.5em -} - -ol.alpha -{ - list-style-type: lower-alpha -} - -li -{ - margin-top: 0.25em; - margin-bottom: 0.25em; - text-align: justify -} - -a:hover -{ - color: #990000 -} - - -.title -{ - text-align: left; - font-size: 200%; - color: #000000; - font-family: Arial, Helvetica, sans-serif; - margin-top: 0.4em; - margin-bottom: 0.4em; - background-color:#999; -} - -.subtitle -{ - text-align: left; - font-size: 133%; - color: #000000; - font-family: Arial, Helvetica, sans-serif; - margin-top: 0.4em; - margin-bottom: 0.4em -} - -.glossaryTerm -{ - font-style: italic; - color: #006699 -} - -.example -{ - font-family: "Courier New", monospace; - background-color: #CCFFFF; - color: #000000; - margin: 0pt 0pt; - border: #008000 none -} - -.schema -{ - font-family: "Courier New", monospace; - background-color: #FFFFCC; - color: #000000; - margin: 0pt 0pt; - border: #008000 none -} - -.documentinfo -{ - font-family: Arial, Helvetica, sans-serif; - font-size: 100%; -} - -.ol-contents -{ - font-size: 100%; - margin-top: 0.0em; - margin-bottom: 0.0em; -} - -.li-contents -{ - font-size: 100%; - margin-top: 0.0em; - margin-bottom: 0.0em; -} - -.logoTitle -{ - text-align: center; - font-size: 200%; - color: #000080; - font-family: Arial, Helvetica, sans-serif; -} - -.logoTable -{ - margin-bottom: 0px; - margin-left: 0px -} - -.superscript -{ - vertical-align: super; - font-size: 66%; -} - -.term -{ - font-style: italic; -} - -.comment -{ - color: #000000; - background: #ffff00; - font-style: italic -} - -.addedErrata12 -{ - color: #FF0000; - background-color: #FFEEEE; - text-decoration: underline -} - -.deletedErrata12 -{ - color: #999999; - background-color: #EEEEEE; - text-decoration: line-through -} - -.added12 -{ - color: #FF0000; - text-decoration: underline -; background-color: #F8F0FF -} - -.deleted12 -{ - color: #999999; - text-decoration: line-through -; 
background-color: #f8f0ff -} - -.rfc2119Keyword -{ - font-variant: small-caps; - font-style: normal; -} - -.remark { font-style: italic} - -li.faq -{ - margin-top: 1.5em; - margin-bottom: 1.5em; -} - -.faq-question -{ - color: #000080; - font-size: 100%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - margin-bottom: 0.4em; -} - - -/*body -{ - font-family: "Times New Roman", Times, serif; - font-size: medium; - font-weight: normal; - margin-left: 2.5em; - margin-right: 2.5em; -} - -p -{ - margin-top: 0pt; - margin-bottom: 0.5em; - text-align: justify -} - -pre -{ - font-family: "Courier New", monospace; - font-size: 90%; - background-color: #cccccc; - color: #000000; - margin-left:1.5%; - margin-right:1.5%; - margin-top: 1em; - margin-bottom: 1em; - border: #008000 none; -} - -hr -{ - color: #000080; - background-color: #000080; - margin-top: 0.5em; - margin-bottom: 0.5em; -} - -table.fixedWidth -{ - width: 97%; - margin-left:1.5%; - margin-right:1.5%; - margin-top: 1em; - margin-bottom: 1em; -} - - -table.varWidth -{ - margin-left:1.5%; - margin-top: 1em; - margin-bottom: 1em; -} - -th -{ - text-align: left; -} - -h1 -{ - color: #000080; - text-align: left; - font-size: 167%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal -} - -h2 -{ - color: #000080; - font-size: 150%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal -} - -h3 -{ - color: #000080; - font-size: 133%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal -} - -h4 -{ - color: #000080; - font-size: 116%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal -} - -h5 -{ - color: #000080; - font-size: 100%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal -} - -h6 -{ - color: #000080; - font-size: 83%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal -} - -code -{ - font-family: "Courier New", Courier, monospace; - font-size: 90%; - color: #000000 -} - -dd -{ - margin-top: 0.8em; - 
margin-bottom: 0.8em; - text-align: justify - -} - -dt -{ - margin-top: 0.8em; - font-family: Arial, Helvetica, sans-serif; - color: #000080 -} - -ol -{ - margin-top: 0.5em; - margin-bottom: 0.5em -} - -ol.alpha -{ - list-style-type: lower-alpha -} - -li -{ - margin-top: 0.25em; - margin-bottom: 0.25em; - text-align: justify -} - -a:hover -{ - color: #990000 -} - - -.title -{ - text-align: left; - font-size: 167%; - color: #000080; - font-family: Arial, Helvetica, sans-serif; - margin-top: 0.4em; - margin-bottom: 0.4em -} - -.subtitle -{ - text-align: left; - font-size: 133%; - color: #000080; - font-family: Arial, Helvetica, sans-serif; - margin-top: 0.4em; - margin-bottom: 0.4em -} - -.glossaryTerm -{ - font-style: italic; - color: #006699 -} - -.example -{ - font-family: "Courier New", monospace; - background-color: #CCFFFF; - color: #000000; - margin: 0pt 0pt; - border: #008000 none -} - -.schema -{ - font-family: "Courier New", monospace; - background-color: #FFFFCC; - color: #000000; - margin: 0pt 0pt; - border: #008000 none -} - -.documentinfo -{ - font-family: Arial, Helvetica, sans-serif; - font-size: 100%; -} - -.ol-contents -{ - font-size: 100%; - margin-top: 0.0em; - margin-bottom: 0.0em; -} - -.li-contents -{ - font-size: 100%; - margin-top: 0.0em; - margin-bottom: 0.0em; -} - -.logoTitle -{ - text-align: center; - font-size: 133%; - color: #000080; - font-family: Arial, Helvetica, sans-serif; -} - -.logoTable -{ - margin-bottom: 0px; - margin-left: 0px -} - -.superscript -{ - vertical-align: super; - font-size: 66%; -} - -.term -{ - font-style: italic; -} - -.comment -{ - color: #000000; - background: #ffff00; - font-style: italic -} - -.addedErrata12 -{ - color: #FF0000; - background-color: #FFEEEE; - text-decoration: underline -} - -.deletedErrata12 -{ - color: #999999; - background-color: #EEEEEE; - text-decoration: line-through -} - -.added12 -{ - color: #FF0000; - text-decoration: underline -; background-color: #F8F0FF -} - -.deleted12 -{ - 
color: #999999; - text-decoration: line-through -; background-color: #f8f0ff -} - -.rfc2119Keyword -{ - font-variant: small-caps; - font-style: normal; -} - -.remark { font-style: italic} - -li.faq -{ - margin-top: 1.5em; - margin-bottom: 1.5em; -} - -.faq-question -{ - color: #000080; - font-size: 100%; - font-family: Arial, Helvetica, sans-serif; - font-weight: normal; - margin-bottom: 0.4em; -} -*/
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/common/logo_digAT.png b/id/server/auth/src/main/webapp/common/logo_digAT.png
new file mode 100644
index 000000000..4f36681e2
Binary files /dev/null and b/id/server/auth/src/main/webapp/common/logo_digAT.png differ
diff --git a/id/server/auth/src/main/webapp/common/main.css b/id/server/auth/src/main/webapp/common/main.css
new file mode 100644
index 000000000..6bd964346
--- /dev/null
+++ b/id/server/auth/src/main/webapp/common/main.css
@@ -0,0 +1,253 @@ +html { + font-family: "Roboto", sans-serif; + color: #000; + font-weight:300; +} + +.container { + margin: auto; + max-width: 1000px; + padding-left: 20px; + padding-right: 20px; +} + +body { + margin: 0; + padding: 0; + letter-spacing: 0.05em; +} + +h1 +{ +font-family: "Roboto", sans-serif; +} + +#headline { + /*background: linear-gradient(center top , #FAFAFA, #F5F5F5) repeat scroll 0% 0% transparent;*/ + background: linear-gradient(#FAFAFA, #F5F5F5); + border-bottom: 1px solid #EEE; +} + +#headline br { + clear: both; +} + +#headline h1 { + color: #404040; + padding-right: 1em; + padding-top: 0.3em; + margin-bottom: 0; + float: right; + font-size: 220%; + font-weight: 400; + } +#headline img { + width: 300px; + padding-left: 0; + padding-top: 35px; + padding-bottom:20px; + } + +#description { + text-align: justify; +} + +#maincontent { + height: 13em; +} + +#demologin p { + padding-left: 10px; + padding-right: 10px; + text-align: justify; + font-size: 100%; + color: #000; + padding-top:20px; + +} + +#demologin a{ + +} + +.button { + border-radius: 5px; + /*background-color: rgb(41,127,184); */ + background-color: #E10319; + text-decoration: none; + text-transform: uppercase; + padding: 10px 80px 10px 80px; + letter-spacing: 1.5px; + text-shadow: 0px 1px 0px rgba(0, 0, 0, 0.3); + color: WHITE; + box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3); + margin-left: 10px; +} + +.button:hover { + box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.8); + text-shadow: 0px 1px 0px rgba(0, 0, 0, 0.9); +} + +#singlelogout { + clear: both; + width: 100%; + box-sizing: border-box; + +} +a{ + text-decoration: none; + font-size:100%; + color: #666; +} +a:hover{ + text-decoration: none; + font-size:100%; + color: #E10319; +} + +/*****************************/ +@media ( max-width :599px) { + #headline { + /*background: linear-gradient(center top , #FAFAFA, #F5F5F5) repeat scroll 0% 0% transparent;*/ + background: linear-gradient(#FAFAFA, #F5F5F5); + border-bottom: 1px solid #EEE; 
+ } + + #headline img { + width: 150px; + padding-left: 0; + padding-top: 0.5em; + padding-bottom:0.5em; + } + #headline br { + clear: both; + } + #headline h1 {font-family: "Roboto", sans-serif; + color: #404040; + padding: 0; + margin-bottom: 0; + margin-top: 0; + text-align: center; + } + nav { + display: block; + width: 100%; + text-align: center; + box-sizing: border-box; + color: WHITE; + margin: 0px 0px 0px 0px; + overflow: hidden; + + } + nav ul { + margin: 0; + padding: 0; + } + nav ul li { + list-style-type: none; + padding-top: 2px; + padding-bottom: 2px; + } + nav>ul>li>a { + color: #666; + display: block; + text-decoration: none; + } + nav>ul>li:hover { + color: #404040; + } + nav>ul>li:hover>a { + color: #404040; + } + nav>ul>li:active>a { + color: #404040; + } + #demologin { + width: 100%; + box-sizing: border-box; + border: 1px solid; + border-radius: 1px; + border-color: #818286; + background: #F5F5F5; + height: 182px; + width: 242px; + margin-top: 18px; + padding-left:0; + } +} +/*****************************/ +@media ( min-width :600px) { + #headline { + /*background: linear-gradient(center top , #FAFAFA, #F5F5F5) repeat scroll 0% 0% transparent;*/ + background: linear-gradient(#FAFAFA, #F5F5F5); + border-bottom: 1px solid #EEE; + + } + #headline br { + clear: both; + } + + #headline h1 { + color: #404040; + padding-right: 1em; + padding-top: 0.15em; + margin-bottom: 0; + float: right; + } + #headline img { + width: 300px; + padding-left: 0; + padding-top: 35px; + padding-bottom:20px; + } + nav { + display: block; + float: left; + width: 30%; + box-sizing: border-box; + background-color: #fff; + color: #888; + margin: 8px 0px 8px 0px; + overflow: hidden; + } + nav ul { + margin: 0; + padding: 0; + } + nav ul li { + list-style-type: none; + padding-top: 15px; + } + nav>ul>li>a { + color: #666; + display: block; + text-decoration: none; + } + nav>ul>li:hover { + color: #E10319; + } + nav>ul>li:hover>a { + color: #E10319; + } + nav>ul>li:active>a { 
+ color: #E10319; + } + #demologin { + float: right; + width: 50%; + box-sizing: border-box; + border: 1px solid; + border-radius: 1px; + border-color: #818286; + background: #F5F5F5; + height: 282px; + width: 342px; + margin-right: 150px; + margin-top: 18px; + padding-left:0; + } + #demologin a:hover{ + color:white; + } +} \ No newline at end of file diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index 391195def..381d8d82d 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -1,102 +1,91 @@ - - - - - MOA-ID 2.1.x - - - - - - - - - -
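Review bot: The new main.css sets `font-family: "Roboto", sans-serif;` on `html`, `h1` and `#headline h1`, but the file contains no `@font-face` rule. The font therefore either comes from a link in index.html that this rendering does not show, or the page silently falls back to sans-serif. If it is fetched from a third-party host, every visit to the identity provider's start page discloses the visitor's address and referrer to that host and lets external content style a page that leads into login. Shipping the font files under common/ with an `@font-face` rule in this stylesheet would keep the page self-contained. The `#headline` rules repeated unchanged in both media queries could also be dropped, since the base rule already applies.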
Logo BKA Logo EGIZ
-
-

MOA-ID 2.1.2

-
-

Inhalt

-
    -
  1. Allgemeines -
      -
    1. Externe Services
    2. -
    -
  2. -
  3. MOA-ID-Auth -
      -
    1. Ablauf einer Anmeldung
    2. -
    -
  4. -
  5. MOA-ID-Configuration
  6. -
-
-

1 Allgemeines

-

Das Module MOA-ID-Auth kann von Anwendungen zur Identifizierung und Authentifizierung im Rahmen eines Anmeldeprozesses an einer Online-Applikation verwendet werden. Die Konfiguration des Modules MOA-ID-Auth erfolgt mit Hilfe des Zusatzmodules MOA-ID-Configuration welches eine web-basierte Konfigurationsschnittstelle zur Verfügung stellt.

-

Das nachfolgende Blockdiagramm zeigt Struktur von MOA-ID und gibt eine kurze Beschreibung der einzelnen Komponenten.

-

Architektur MOA-ID

-

 

-

MOA-ID besteht aus folgenden Kernkomponenten:

-
    -
  1. CORE LOGIC: Diese Komponente ist die zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.
  2. -
  3. Protocol Adapter: Stellt die in MOA-ID 2.x unterstützten Authentifizierungsprotokolle für die Anbindung von Service Providern zur Verfügung.
  4. -
  5. Auth Sources: Stellt die von MOA-ID 2.x unterstützten Identifikationsmechanismen und Single Sign-On Management Funktionen zur Verfügung. Dies sind die österreichische Bürgerkarte oder Handy-Signatur, die Anmeldung ausländischer Personen mit Hilfe des STORK Protokoll oder mittels Single Sign-On von einem weiteren vertrauenswürdigen Identity Provider (Interfederation). Dieses Modul beinhaltet somit alle jene Funktionen welche für den Authentifizierungs- oder Abmeldeprocess erforderlich sind.
  6. -
  7. Template Generator: Der Template Generator erzeugt für Service Provider die entsprechenden Login-Masken für die Integration in die eigene Web-Applikation.
  8. -
  9. SSO Module: Das Single Sign-On (SSO) Modul verwaltet die zusätzlichen Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst im Besonderen das SSO Session-Management.
  10. -
  11. Statistic Module: Dieses Modul dient zur Generierung von anonymisierten Statistikdaten aus den Anmeldeinformationen.
  12. -
  13. Monitoring & Testing Module: Dieses Modul implementiert Methoden mit deren Hilfe einzelne funktionale Bereiche aus MOA-ID-Auth getestet werden können. Somit dient dieses Modul als Schnittstellte zu einem externen Monitoring-Service.
  14. -
  15. Configuration Modul: Dieses Modul stellt die Schnittstelle zur MOA-ID-Auth Konfiguration dar welche in einer Datenbank abgelegt wird.
  16. -
  17. Konfigurationstool: Oberfläche, mit deren Hilfe MOA-ID konfiguriert werden kann. Dies umfasst sowohl allgemeine Konfigurationsteile als auch die Konfiguration der einzelnen bei MOA-ID-Auth registrierten Online-Applikationen. Service Provider können sich am Konfigurationstool mittels Bürgerkarte oder Handy-Signatur anmelden und ihre Online-Applikationen verwalten.
  18. -
-

1.1 Externe Services

-

Für die Anmeldung in Vertretung und die Anmeldung ausländischer Personen werden zusätzliche externe Services verwendet.

-

1.1.1 Online-Vollmachten

-

Ab der MOA-ID Release 1.5.0 werden Online-Vollmachten (für Anwendungen aus dem öffentlichen Bereich) unterstützt. Hierzu werden diese Vollmachten über eine Online-Vollmachten-Service ausgewählt. Der Zugang zu diesem Online-Vollmachten Service ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert.

-

1.1.2 Ausländische Bürger

-

Ab der MOA-ID Release 1.4.7 ist es möglich, dass sich auch ausländische Bürger mittels MOA-ID einloggen können. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausländischen Bürgers eine Eintragung im Ergänzungsregister für natürliche Personen gemäß E-Government Gesetz §6(5) vornimmt. Somit ist es möglich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. Der Zugang zu diesem Stammzahlenregister-Gateway ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert.

-

2 MOA-ID-Auth

-

Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit Bürgerkartem, Handy-Signatur oder für ausändische Personen mittels STORK.

-

Die Funktionalität und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel Protokolle beschriebe. -

Für den Betrieb von MOA-ID-Auth ist der Einsatz von MOA-Signaturprüfung (MOA-SP) erforderlich.

-

2.1 Ablauf einer Anmeldung

-

Die nachfolgende Grafik beschreibt den Ablauf eines Abmeldevorgangs an einer Online-Applikation mit Hilfe von MOA-ID-Auth unter Verwendung der Bürgerkarte oder der Handy-Signatur.

-

Sequenzdiagramm eines Anmeldevorgangs mit MOA-ID-Auth

-

 

-
    -
  1. Der Benutzer verbindet sich zu einem Web-Portal (Service Provider) über das die Online-Applikation erreichtbar ist. Nach der Betätigung eines Login-Buttons wird der Anmeldevorgang ausgelöst.
  2. -
  3. Der Benutzer wird zur Identifizierung und Authentifizierung an MOA-ID-Auth weitergeleitet.
  4. -
  5. MOA-ID-Auth validiert die Authentifizierungsanfrage des Service Providers
  6. -
  7. MOA-ID-Auth bietet dem Benutzer eine Auswahl von verfügbaren Authentifizierungsmethoden (Bürgerkarte, Handy-Signatur, STORK) an.
  8. -
  9. Der Benutzer wählt die gewünschte Authentifizierungsmethode und sendet diese an MOA-ID-Auth.
  10. -
  11. MOA-ID-AUTH erzeugt eine HTML-Seite mit einem <InfoboxReadRequest> zum Auslesen der Personenbindung. Diese HTML-Seite wird an den Browser geschickt.
  12. -
  13. Der Browser schickt den <InfoboxReadRequest> an die ausgewählte Bürgerkartenumgebung unter Verwendung des Security-Layer. Die Bürgerkartenumgebung liest die Personenbindung von der Bürgerkarte und sendet diese an MOA-ID-AUTH. MOA-ID-Auth prüft die Signatur der Personenbindung durch einen Aufruf von MOA-SP.
  14. -
  15. MOA-ID-AUTH erstellt den AUTH-Block. Der AUTH-Block enthält Vor- und Nachname aus der Personenbindung, URL von MOA-ID-AUTH, URL und Geschäftsbereich der Online-Applikation oder im Falle einer SSO Anmeldung die URL und den Geschäftsbereich der MOA-ID-Auth Instanz, die aktuelle Zeit, das aktuelle Datum und einen Zufallswert für diesen Anmeldevorgang. Anschließend wird eine XML Antwortseite, die das Kommando zum Signieren (<CreateXMLSignatureRequest>) des generierten AUTH-Blocks enthält, an die ausgewählte Bürgerkartenumgebung, unter Verwendung des Security-Layers, gesendet.
  16. -
  17. Der Request wird von der Bürgerkartenumgebung verarbeitet. Die signierten Daten werden an MOA-ID-AUTH zurückgesendet.
  18. -
  19. MOA-ID-Auth überprüft den signierten AUTH-Block und generiert Information für weitere Anmeldungen mittels Single Sign-On.
  20. -
  21. MOA-ID-Auth generiert die Anmeldedaten (Assertion) welche folgende Information enthalten: -
      -
    • die bereichsspezifischen Personenkennzeichen (bPK / wbPK)
    • -
    • Vorname, Nachname und Geburtsdatum (optional)
    • -
    • den signierten AUTH-Block (optional)
    • -
    • die Personenbindung (optional)
    • -
    • das Zertifikat mit dem die Signatur erzeugt wurde (optional)
    • -
    • informationen zum Vertreten im Falle einer Anmeldung in Vertretung (optional)
    • -
    • die elektronische Vollmacht im Falle einer Anmeldung in Vertretung (optional)
    • -
    • informationen aus dem STORK Protokoll im Falle einer Anmeldung mittels STORK (optional)
    • -
    -
  22. -
  23. MOA-ID-Auth sendet die Anmeldedaten an den Service-Provider und setzt im Browser des Benutzers ein SSO Session-Tokken welches für weitere Anmeldevorgänge verwendet werden kann.
  24. -
  25. Die Anmeldedaten werden vom Service-Provider verarbeitet und der Benutzer wird vom Service-Provider an die Online-Applikation weitergeleitet.
  26. -
-

3 MOA-ID-Configuration

-

Das Modul MOA-ID-Configuration stellt eine web-basierte Benutzerschnittstelle zur Konfiguration des Moduls MOA-ID-Auth zur Verfügung, wobei sich die Konfiguration in zwei Teilbereiche unterteilt ist. Eine detailierte Aufstellung der einzelnen Konfigurationspunkte befindet sich im Kapitel Konfiguration.

-
    -
  1. Allgemeine Konfiguration
    - In diesem Bereich sind alle Basiseinstellungen der MOA-ID-Auth Instanz hinterlegt. Beispiele hierfür sind Single Sign-On, unterstütze Authentifizierungsprotokolle, Informationen zu MOA-ID-Auth, URLs zu externen Services, ... Eine Änderung der Basiseinstellung erfordert besondere Benutzerrechte am Konfigurationstool.
  2. -
  3. Online-Applikationen
    - In diesem Abschnitt erfolgt die Konfiguration der einzelnen bei MOA-ID-Auth registrierten Service-Provider. Hierbei handelt es sich um authentifizierungsprotkollspezifische Einstellungen, Bereich des Service-Providers (öffentlich / Privatwirtschaftlich), Konfiguration der BKU Auswahl, .... Wobei sich die Konfigurationsmöglichkeiten je nachdem welche Benutzerrechten vergeben sind, unterscheiden können.
  4. -
-

Zusätzlich unterstützt das Module MOA-ID-Configuration auch eine einfache Bentzerverwaltung mit Rechtevergabe mit deren Hilfe die Verwaltung von Online-Applikatioen an den jeweiligen Service-Provider ausgelagert werden kann. Die Anmeldung am Konfigurationstool erfolgt mittels Bürgerkarte, Handy-Signature oder STORK, wobei optional auch eine Anmeldung mittels Benutzername und Passwort zur Verfügung steht.

-

 

- - + + + + + MOA-ID 2.1.x + + + + + + +
+
+ +

MOA-ID-AUTH

+
+
+
+
+

Bei MOA-ID-AUTH handelt es sich um ein Modul für die Identifizierung und Authentifizierung bei Onlineapplikationen unter Verwendung der Bürgerkarte. + Hier kann sowohl die Smartcard-Variante (e-Card) als auch die Handysignatur verwendet werden. + Die Konfiguration des Modules MOA-ID-Auth erfolgt mit Hilfe des Zusatzmodules MOA-ID-Configuration welches eine web-basierte Konfigurationsschnittstelle zur Verfügung stellt.

+
+
+ +
+
+ Login +

Über den Login-Button können Sie sich anschließend bei Ihrer Online-Applikation mit der Bürgerkarte oder der Handysignatur anmelden. Dazu müssen Sie allerdings zuvor die Applikation gemäß Beschreibung konfigurieren.

+
+
+ + + \ No newline at end of file -- cgit v1.2.3 From e6e2bbf9a6e4df5e714ab10babae013317bf8422 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 16 Jan 2015 15:11:48 +0100 Subject: Add dti-process-engine support. --- id/server/auth/pom.xml | 10 ++++++++ .../src/main/webapp/WEB-INF/applicationContext.xml | 29 ++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml (limited to 'id/server/auth') diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 7db6ce648..529737820 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -188,6 +188,16 @@ provided + + org.springframework + spring-webmvc + + + commons-logging + commons-logging + + + org.slf4j jcl-over-slf4j diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml new file mode 100644 index 000000000..b340133c7 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From a1bb34634bf4f30fc565109358eb51bd1111dc21 Mon Sep 17 00:00:00 2001 
From: Thomas Knall
Date: Wed, 21 Jan 2015 08:50:58 +0100
Subject: Add "DefaultAuthentication" process (AT, no mandates, no stork) (MOAID-59). - Fix oa web.xml, switch to servlet 3.0. - moa-id-auth web.xml -- Add CharacterEncodingFilter for UTF-8 encoding. -- Add ProcessEngineSignalServlet. - Fix invalid template_*.html. - Add TODO[branch] annotations in order to indicates potential process flow branches. - Add some missing Javadoc. - Add property processInstandId to AuthenticationSession. - Add process engine support. - Fix HttpServlet init issues. - Set VerifyAuthenticationBlockServlet and VerifyIdentityLinkServlet deprecated.
---
.../src/main/webapp/WEB-INF/applicationContext.xml | 2 ++ id/server/auth/src/main/webapp/WEB-INF/web.xml | 30 ++++++++++++++++++++++ .../auth/src/main/webapp/template_handyBKU.html | 2 +- .../auth/src/main/webapp/template_localBKU.html | 2 +- .../auth/src/main/webapp/template_onlineBKU.html | 2 +- 5 files changed, 35 insertions(+), 3 deletions(-) (limited to 'id/server/auth')
diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index b340133c7..0f9f05baa 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -25,5 +25,7 @@ + +
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index fb3888a3e..477cce57b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -10,6 +10,23 @@ org.springframework.web.context.ContextLoaderListener + + characterEncodingFilter + org.springframework.web.filter.CharacterEncodingFilter + + encoding + UTF-8 + + + forceEncoding + true + + + + characterEncodingFilter + /* + + requestContextFilter
@@ -20,6 +37,7 @@ /* + + ProcessEngineSignal /VerifyIdentityLink
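Review bot: Routing both `/VerifyIdentityLink` (this hunk) and `/VerifyAuthBlock` (the following web.xml hunk) to the single `ProcessEngineSignal` servlet means the request URL no longer selects which verification runs, so the step check has to live in the process engine. The servlet code is not part of this page. It should resolve the process instance only from the server-side AuthenticationSession (the commit message mentions a process-instance property there), never from a request parameter. It should also reject a signal when that instance is not waiting on the task that belongs to the requested URL. A comment beside each mapping, such as `<!-- handled by ProcessEngineSignal; step order is enforced by the process definition -->`, would record that dependency for the next reader.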
@@ -229,7 +256,10 @@ --> + + ProcessEngineSignal /VerifyAuthBlock Generate BKU Request template GenerateIframeTemplate GenerateIframeTemplate at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet + + GenerateIframeTemplate + /GenerateIframeTemplate + + RedirectServlet RedirectServlet at.gv.egovernment.moa.id.auth.servlet.RedirectServlet + + RedirectServlet + /RedirectServlet + + MonitoringServlet MonitoringServlet at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet + + MonitoringServlet + /MonitoringServlet + + SSOSendAssertionServlet SSOSendAssertionServlet at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet - + + + SSOSendAssertionServlet + /SSOSendAssertionServlet + + SSO LogOut LogOut LogOut at.gv.egovernment.moa.id.auth.servlet.LogOutServlet + + LogOut + /LogOut + IDP Single LogOut Service @@ -78,25 +104,10 @@ IDPSLO at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet - - - Verify identity link coming from security layer - VerifyIdentityLink - VerifyIdentityLink - at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - - - Verify the certificate coming from security layer - VerifyCertificate - VerifyCertificate - at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - - - Get the MIS session ID coming from security layer - GetMISSessionID - GetMISSessionID - at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet - + + IDPSLO + /idpSingleLogout + Gets the foreign eID from security layer 
@@ -104,223 +115,84 @@ GetForeignID at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - - - Verify AUTH block coming from security layer - VerifyAuthBlock - VerifyAuthBlock - at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet - - + + GetForeignID + /GetForeignID + + Apache-Axis Servlet AxisServlet org.apache.axis.transport.http.AxisServlet + + AxisServlet + /services/* + - - - Servlet receiving STORK SAML Response Messages from - different C-PEPS + Servlet receiving STORK SAML Response Messages from different C-PEPS PEPSConnectorServlet PEPSConnectorServlet - - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet + + PEPSConnectorServlet + /PEPSConnector + + - Servlet receiving STORK SAML Response Messages from - different C-PEPS + Servlet receiving STORK SAML Response Messages from different C-PEPS PEPSConnectorWithLocalSigningServlet PEPSConnectorWithLocalSigningServlet - - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet - - + + PEPSConnectorWithLocalSigningServlet + /PEPSConnectorWithLocalSigning + + Dispatcher Servlet DispatcherServlet at.gv.egovernment.moa.id.entrypoints.DispatcherServlet 1 - - - - at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet - at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet - + + DispatcherServlet + /dispatcher + - Resumes a suspended process engine task. + Resumes a suspended process task. 
ProcessEngineSignal ProcessEngineSignal at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet - - - - - DispatcherServlet - /dispatcher - - - - - - - - - - - GenerateIframeTemplate - /GenerateIframeTemplate - - - RedirectServlet - /RedirectServlet - - - MonitoringServlet - /MonitoringServlet - - SSOSendAssertionServlet - /SSOSendAssertionServlet - - - LogOut - /LogOut - - - IDPSLO - /idpSingleLogout - - - ProcessEngineSignal - /VerifyIdentityLink - - - VerifyCertificate - /VerifyCertificate - - - GetMISSessionID /GetMISSessionID - - - GetForeignID - /GetForeignID - - - - - - - ProcessEngineSignal /VerifyAuthBlock + /VerifyCertificate + /VerifyIdentityLink - - - AxisServlet - /services/* - - - PEPSConnectorServlet - /PEPSConnector - - - PEPSConnectorWithLocalSigningServlet - /PEPSConnectorWithLocalSigning - - - - - - UrlRewriteFilter - org.tuckey.web.filters.urlrewrite.UrlRewriteFilter - - - - UrlRewriteFilter - /* - - 5 + 500 /errorpage.jsp - + BASIC UserDatabase - - The role that is required to log in to the moa Application - + The role that is required to log in to the moa Application moa-admin +
-- cgit v1.2.3 From 745272fe66f04fee6976e6a187e308bb7a5987a1 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 23 Jan 2015 11:22:07 +0100 Subject: Add foreign identity process support (MOAID-61). - moa-id auth web.xml: Replace servlet mapping "/GetForeignID". - Fix some javadoc of AuthenticationServer. - Set GetForeignIDServlet deprecated. - Remove redundant code across several classes. - VerifyIdentityLinkTask: Separate identity link verification from subsequent (a) creation of CreateXMLSignatureRequest (ProcessIdentityLinkTask) and (b) creation of InfoBoxReadRequest (CertificateReadRequestTask). --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 1dd3b7a40..4548e05d9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -108,17 +108,6 @@ IDPSLO /idpSingleLogout - - - Gets the foreign eID from security layer - GetForeignID - GetForeignID - at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - - - GetForeignID - /GetForeignID - Apache-Axis Servlet @@ -172,6 +161,7 @@ ProcessEngineSignal /GetMISSessionID + /GetForeignID /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink -- cgit v1.2.3 From b187c1470167335ad6142b9b8b730e106348a8f8 Mon Sep 17 00:00:00 2001 From: Gerwin Gsenger Date: Wed, 28 Jan 2015 10:31:33 +0100 Subject: implement ModuleRegistry, implement standard moaid process, start ModuleRegistry at moa-id startup, fix typo in package name --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 0f9f05baa..a4a06d24a 100644 
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -27,5 +27,5 @@ - + -- cgit v1.2.3 From d45b41a740a6267c78a6ea27b7617c3d317db837 Mon Sep 17 00:00:00 2001 From: Christian Wagner Date: Thu, 29 Jan 2015 08:18:00 +0100 Subject: integrate process engine from project 'dti-process-engine' - INCOMPLETE! - commit neccessary in order to avoid blocking the development process additional small fix due to earlier package renaming --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index a4a06d24a..ce8fe8971 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -9,16 +9,18 @@ - + + @@ -27,5 +29,5 @@ - + -- cgit v1.2.3 From 8579cf80c3602f963566d31eaf04f59f68d3bf11 Mon Sep 17 00:00:00 2001 
From: Thomas Knall Date: Thu, 29 Jan 2015 10:56:18 +0100 Subject: Add STORK process (MOAID-58). - Add STORKAuthentication.process.xml - Add PepsConnectorTask using code from PEPSConnectorServlet. - Split code from PEPSConnectorWithLocalSigningServlet into PepsConnectorHandleResponseWithoutSignatureTask and PepsConnectorHandleLocalSignResponseTask. - Replace SpringExpressionEvaluator within applicationContext.xml with SpringWebExpressionEvaluator (allowing expressions using request parameter(s)). - Make servlet mappings /PEPSConnectorWithLocalSigning and /PEPSConnector point to the process engine signaling servlet. - Add many FIXMEs marking problematic code. - Move code to start stork authentication from StartAuthenticationBuilder to CreateStorkAuthRequestFormTask. - Mark PEPSConnectorServlet and PEPSConnectorWithLocalSigningServlet deprecated. - Remove @author tknall from classes assembled using existing (bogus) code. --- .../src/main/webapp/WEB-INF/applicationContext.xml | 2 +- id/server/auth/src/main/webapp/WEB-INF/web.xml | 24 ++-------------------- 2 files changed, 3 insertions(+), 23 deletions(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 0f9f05baa..8e210c040 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -11,7 +11,7 @@ - + diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 4548e05d9..2dbceb4e9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml 
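Review bot: Replacing `SpringExpressionEvaluator` with `SpringWebExpressionEvaluator` in applicationContext.xml (hunk `@@ -11,7 +11,7 @@`) makes request parameters available to process-definition expressions, as the commit description states, so any transition condition that reads them is decided by client-supplied input. Transitions that gate identity-link, certificate or signature verification should depend on values the tasks store in the execution context after validation, and request parameters should be limited to choices the user is allowed to make. The process definitions are not shown here, so this is a check to make rather than a confirmed defect. I would add next to the bean: `<!-- request parameters are untrusted input; do not use them in conditions that skip a verification task -->`.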
@@ -119,28 +119,6 @@ /services/* - - Servlet receiving STORK SAML Response Messages from different C-PEPS - PEPSConnectorServlet - PEPSConnectorServlet - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet - - - PEPSConnectorServlet - /PEPSConnector - - - - Servlet receiving STORK SAML Response Messages from different C-PEPS - PEPSConnectorWithLocalSigningServlet - PEPSConnectorWithLocalSigningServlet - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet - - - PEPSConnectorWithLocalSigningServlet - /PEPSConnectorWithLocalSigning - - Dispatcher Servlet DispatcherServlet @@ -165,6 +143,8 @@ /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink + /PEPSConnectorWithLocalSigning + /PEPSConnector -- cgit v1.2.3 From a3002d5966703675e982f5699b7a829d2dc22d84 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Thu, 29 Jan 2015 13:47:36 +0100 Subject: Integrate processes with module discovery. - Fix AuthModuleImpl process resource uri. - Create package at.gv.egovernment.moa.id.auth.modules with submodule "internal" and "stork". - Rename AuthModuleImpl to DefaultAuthModuleImpl (placed in at.gv.egovernment.moa.id.auth.modules.internal). - Move stork specific tasks to "...stork.tasks" and internal modules to "...internal.tasks". - Fix bean classes in applicationContext.xml - Move process descriptions to at.gv.egovernment.moa.id.auth.modules.[internal|stork]. - Add STORKAuthModuleImpl. --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 563fd6ec7..65a9e7176 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -11,7 +11,10 @@ + + @@ -27,5 +30,5 @@ - + -- cgit v1.2.3 
From c6f543e06c02c0a2635eac2e9b99c2554e6e27bd Mon Sep 17 00:00:00 2001 From: Christian Wagner Date: Thu, 29 Jan 2015 14:39:11 +0100 Subject: integrate process engine from project 'dti-process-engine' - fix unit tests - correct namespaces - refactor package name --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index ce8fe8971..a251064f6 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -11,7 +11,7 @@ - + /GetMISSessionID /GetForeignID /VerifyAuthBlock -- cgit v1.2.3 From 6371e01c520de77b0f37f59c72dbe20fce88c91a Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 30 Jan 2015 08:53:27 +0100 Subject: Add Spring based discovery for STORKAuthModule - Add wildcard import to applicationContext.xml - Add some javadoc to AuthModule interface. - Remove STORKAuthModuleImpl from serviceloader based registration. --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 3 +++ id/server/auth/src/main/webapp/WEB-INF/web.xml | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 818524e49..d9e254451 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -27,5 +27,8 @@ + + + diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 10c772aca..f81e01ccd 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml 
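Review bot: The wildcard import added to applicationContext.xml (hunk `@@ -27,5 +27,8 @@` of commit 6371e01) loads every matching bean file found on the classpath into the authentication context, so any dependency JAR that ships a file matching the pattern can contribute an auth module. The resource pattern itself is not legible on this page; if it is not already anchored to a project-specific resource path, it should be, rather than matching on a filename suffix alone. Logging the resolved module list at startup, as a later commit on this page does for automatic servlet registration, would let operators notice an unexpected module.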
@@ -138,8 +138,9 @@ ProcessEngineSignal + /signalProcess - + /GetMISSessionID /GetForeignID /VerifyAuthBlock -- cgit v1.2.3 From 373641cfb0e404e89f4d9a011ae53d8b8cfc06c5 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 30 Jan 2015 10:45:59 +0100 Subject: Add dynamic servlet registration for STORK processes. - Add STORKWebApplicationInitializer.java - Adjust web.xml - Move STORK.authmodule.beans.xml to src/main/resources/... --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index f81e01ccd..41c46bd22 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -140,14 +140,17 @@ ProcessEngineSignal /signalProcess - + /GetMISSessionID /GetForeignID /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink + + -- cgit v1.2.3 From 9c76562c98ff7ec8ccb2749ccd85309bfd3096b6 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 30 Jan 2015 13:47:25 +0100 Subject: Fix applicationContext.xml and STORKAuthentication.process.xml --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 2c699f24d..df59c2739 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -11,7 +11,7 @@ - + -- cgit v1.2.3 From 23fc42a3c273ceb05938c741508537bfaedab00a Mon Sep 17 00:00:00 2001 
From: Christian Wagner Date: Fri, 30 Jan 2015 14:24:45 +0100 Subject: add persistence to process-engine additionally remove unnecessary method in the DAO --- .../auth/src/main/webapp/WEB-INF/applicationContext.xml | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index a251064f6..c7b4e6419 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -13,21 +13,8 @@ - - - - - - - -- cgit v1.2.3 From 4b6fd327b29ff84f61914f33b6361fa31441c92e Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Wed, 4 Feb 2015 11:31:43 +0100 Subject: Create separate module STORK (MOAID-67) - Add new maven module moa-id-modules and sub module moa-id-module-stork. - Move stork relates processes and task to module moa-id-module-stork. - Move module registration to modules package. --- id/server/auth/pom.xml | 4 ++++ id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'id/server/auth') diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 529737820..df45568dc 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -137,6 +137,10 @@ oasis-dss-api 1.0.0-RELEASE + + MOA.id.server.modules + moa-id-module-stork + diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index 1fe3b4254..fabe6cd9c 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -15,9 +15,9 @@ - - + + -- cgit v1.2.3 From a9dc7e094a8732f9826ab77648758dd39adc7324 Mon Sep 17 00:00:00 2001 
From: Thomas Knall Date: Wed, 4 Feb 2015 13:54:32 +0100 Subject: Add logging for automatic servlet registration. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 41c46bd22..930b10f43 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -137,16 +137,23 @@ at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet + ProcessEngineSignal + /signalProcess + /GetMISSessionID /GetForeignID /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink - + + MOA.id.server.modules moa-id-module-stork + + + + MOA.id.server.modules + moa-id-module-monitoring + diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 930b10f43..5afc0dee7 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -67,6 +67,8 @@ /RedirectServlet + + SSOSendAssertionServlet -- cgit v1.2.3 From b864faef2864cc28df98d778e2221bf2cf911954 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Thu, 5 Feb 2015 16:56:04 +0100 Subject: Perform some cleanup tasks - Rename AbstractSpringWebSupportedTask to MoaIdTask. - Remove some unnecessary code. --- id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index fabe6cd9c..a3f834457 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -9,7 +9,7 @@ - + -- cgit v1.2.3 From 426aa9b3dc4205e4c2d82924dba5a2473b48358a Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Thu, 26 Feb 2015 12:46:17 +0100 Subject: change Version to 2.2.0 --- id/server/auth/src/main/webapp/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index 381d8d82d..982c850a8 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -2,7 +2,7 @@ - MOA-ID 2.1.x + MOA-ID 2.2.x -- cgit v1.2.3 From 4df561f9f19966c92cd658efa0cd3942a0a091d4 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 5 May 2015 16:10:56 +0200 Subject: moved consent request before attributes are being collected --- id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/auth') diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 54debca81..8f01ca22b 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -74,7 +74,7 @@ /dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string} - ^/stork2/CompleteAuthentication$ + ^/stork2/GetConsent$ /dispatcher?mod=id_stork2&action=ConsentEvaluator&%{query-string} -- cgit v1.2.3