From 18f7c6609058ed5c3bfb59c625682f4f4a53d75d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Feb 2016 10:22:11 +0100 Subject: refactor Single Sign-On authentication consents evaluator to get executed by processEngine --- id/server/doc/handbook/protocol/protocol.html | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 6214c393c..a3a06bc6d 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -606,6 +606,10 @@ Redirect Binding 1109 Fehler beim Validieren der SZR-Gateway Response + + 1110 + Ungültige Single Sign-On Session +
1.3.1.3 STORK (12xxx)
-- cgit v1.2.3 From 6701d8aaca715133cfa9d7764eb2f1ed163dfce9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 14:14:24 +0100 Subject: update statuscodes and revisionslog codes --- .../conf/moa-id/htmlTemplates/css_template.css | 43 +++++++++++- .../conf/moa-id/htmlTemplates/loginFormFull.html | 4 +- id/server/doc/handbook/additional/additional.html | 25 +++++++ id/server/doc/handbook/protocol/protocol.html | 45 +++++++++++-- .../resources/properties/id_messages_de.properties | 1 - .../protocol_response_statuscodes_de.properties | 45 ++++++------- .../src/main/resources/templates/css_template.css | 43 +++++++++++- .../templates/mandate-service-selection.html | 76 ++++++++++++++-------- 8 files changed, 222 insertions(+), 60 deletions(-) (limited to 'id/server/doc/handbook') diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css index a8735be60..32b9dee12 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css @@ -59,7 +59,7 @@ /* clear:both; */ position:relative; margin: 0 auto; - width: 250px; + /*width: 250px;*/ text-align: center; } @@ -85,7 +85,8 @@ #leftcontent { width: 300px; - margin-top: 30px; + /*margin-top: 30px;*/ + margin: auto; } #bku_header { @@ -622,4 +623,42 @@ #alert_area { width: 500px; padding-left: 80px; + } + + #processInfoArea { + margin-bottom: 15px; + margin-top: 15px; + } + #processSelectionArea { + width: 550px; + margin-left: 25px; + margin-top: 35px; + } + .processSelectionButtonArea { + float: none; + margin-bottom: 20px; + height: 35px; + } + .processSelectionButton { + background: #ababab; + cursor: pointer; + height: 30px; + width: 200px; + float: right; + border-style: solid; + border-bottom-width: 2px; + border-right-width: 2px; + border-left-width: 1px; + border-top-width: 1px; + border-color: #000000; + } + .buttonDescription { + float: left; + margin-left: 10px; + padding-top: 4px; + text-align: left; + width: 330px; + } + #processContent { + margin-top: 25px; } \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index 02b86472b..983e8b544 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -63,9 +63,9 @@ - +

Home Country Selection

diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html index fb9735990..cbf4a50c9 100644 --- a/id/server/doc/handbook/additional/additional.html +++ b/id/server/doc/handbook/additional/additional.html @@ -520,6 +520,31 @@
+ + + + + + + + + + + + + + + + + + + + + + + + +

baseID

Stammzahl der vertretenen juristischen Person

   
6000ReferenceID des Vollmachtensystemsexternes Vollmachten Service kontaktiert
6001 gültige Vollmacht vom externen Vollmachten Service verarbeitet
6002 Fehler vom externen Vollmachten Service verarbeitet
6003IP AdresseIP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat

 

Einzelne Events werden um einen Transaktionsparameter ergänzt, welcher in der Spalte Wert beschrieben ist.
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index a3a06bc6d..3b31dbfc0 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -559,6 +559,10 @@ Redirect Binding 1007 Vollmachtsmodus für ausländische Personen wird nicht unterstützt. + + 1008 + Es konnten nicht alle minimal erforderlichen Identifikations- oder Authentifikationsmerkmale ermittelt werden. +

1.3.1.2 Validierung (11xxx)
@@ -691,24 +695,51 @@ Redirect Binding
1.3.2.4 MOA SP/SS(43xxx)
- - + +
StatuscodeBeschreibungStatuscodeBeschreibung
4300 Fehler beim Aufruf von MOA SP/SS
-
1.3.2.5 Interfederation (44xxx)
+
1.3.2.5 Interfederation (44xx)
- - + + + + + + +
StatuscodeBeschreibungStatuscodeBeschreibung
4400 Fehler beim Generieren der Anmeldedaten
4401Die Verwendung des angeforderten federated IDP ist nicht erlaubt
+
1.3.2.6 Attributprovider (45xx)
+ + + + + + + + + + + + + + + + + + + + +
StatuscodeBeschreibung
4500Der Zugriff auf einen Attributprovider ist nicht erlaubt
4501Die Requestgenerierung für den Zugriff auf den Attributprovider schlug fehl
4502Die Response vom Attributeprovider ist ungültig oder nicht errlaubt
4503Die Response vom Attributeprovider beinhaltet einen Fehlercode

1.3.3 Statuscodes 6xxxx

Alles Statuscodes beginnend mit der Zahl sechs beschreiben protokollspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.

@@ -843,6 +874,10 @@ Redirect Binding 9103 Fehler bei der Verarbeitung eines Templates + + 9104 + Fehler bei der Auswahl oder Initialisierung des gewünschten Anmeldeprozesses + 9199 Allgemeiner interner Fehler diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 86aa13fb8..c47ec2477 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -118,7 +118,6 @@ service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service service.07=Der SZR-Gateway ist unter {0} nicht erreichbar. service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen. service.09=Der SZR-Gateway Client konnte nicht initialisiert werden. - service.10=Die Verwendung des Service {0} ist nicht m\u00f6glich. Ursache: {1} cleaner.00=AuthenticationSessionCleaner wurde gestartet diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 27070cc84..581037a29 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -28,10 +28,10 @@ auth.27=4401 auth.28=1100 auth.29=4401 auth.30=1110 -auth.31=TODO -auth.32=TODO -auth.33=TODO -auth.34=TODO +auth.31=4400 +auth.32=4401 +auth.33=4401 +auth.34=4401 init.00=9199 init.01=9199 @@ -85,7 +85,8 @@ builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus die builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. builder.06=4400 builder.07=9002 -builder.08=TODO +builder.08=1008 +builder.09=9103 service.00=4300 service.03=4300 @@ -96,23 +97,23 @@ service.07=4200 service.08=4201 service.09=9007 -service.10=TODO +service.10=4500 -process.01=TODO -process.02=TODO +process.01=9104 +process.02=9104 -sp.pvp2.00=TODO -sp.pvp2.01=TODO -sp.pvp2.02=TODO -sp.pvp2.03=TODO -sp.pvp2.04=TODO -sp.pvp2.05=TODO -sp.pvp2.06=TODO -sp.pvp2.07=TODO -sp.pvp2.08=TODO -sp.pvp2.09=TODO -sp.pvp2.10=TODO -sp.pvp2.11=TODO +sp.pvp2.00=4501 +sp.pvp2.01=4501 +sp.pvp2.02=4501 +sp.pvp2.03=4502 +sp.pvp2.04=4502 +sp.pvp2.05=4503 +sp.pvp2.06=4502 +sp.pvp2.07=4502 +sp.pvp2.08=4502 +sp.pvp2.09=4503 +sp.pvp2.10=4502 +sp.pvp2.11=4502 validator.00=1102 validator.01=1102 @@ -182,8 +183,8 @@ validator.69=1106 validator.70=1106 validator.71=1105 -validator.72=TODO -validator.73=TODO +validator.72=1105 +validator.73=4500 ssl.01=1107 diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css index a8735be60..32b9dee12 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css @@ -59,7 +59,7 @@ /* clear:both; */ position:relative; margin: 0 auto; - width: 250px; + /*width: 250px;*/ text-align: center; } @@ -85,7 +85,8 @@ #leftcontent { width: 300px; - margin-top: 30px; + /*margin-top: 30px;*/ + margin: auto; } #bku_header { @@ -622,4 +623,42 @@ #alert_area { width: 500px; padding-left: 80px; + } + + #processInfoArea { + margin-bottom: 15px; + margin-top: 15px; + } + #processSelectionArea { + width: 550px; + margin-left: 25px; + margin-top: 35px; + } + .processSelectionButtonArea { + float: none; + margin-bottom: 20px; + height: 35px; + } + .processSelectionButton { + background: #ababab; + cursor: pointer; + height: 30px; + width: 200px; + float: right; + border-style: solid; + border-bottom-width: 2px; + border-right-width: 2px; + border-left-width: 1px; + border-top-width: 1px; + border-color: #000000; + } + .buttonDescription { + float: left; + margin-left: 10px; + padding-top: 4px; + text-align: left; + width: 330px; + } + #processContent { + margin-top: 25px; } \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html index a9f0c4238..b0be4a475 100644 --- a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html @@ -17,36 +17,60 @@
-
-
-

- Anmeldeinformationen: -

-
+ +
+
+

+ Anmeldeinformationen: +

+
-
-

Anmeldung an: $OAName

- - -
-
- - - -
-
-
+
+

Anmeldung an: $OAName

+ + +
+

Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.

+
+ +
+
+
+ + + +
+
+

Eltern-Kind Vertretung

+
+
+
+
+ + + +
+
+

Vollmachtenservice der Österreichischen Datenschutzbehörde (MMS Service)

+
+
+
- - - -
-
- -
+ + + +
+

Den Anmeldevorgang abbrechen

+
+
+
+ +
+
+ +
- -- cgit v1.2.3 From 20afefb3ffcfd9381c286653f310fbc3b989c512 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 21 Mar 2016 10:56:30 +0100 Subject: fix some problems with logging and error codes --- id/server/doc/handbook/protocol/protocol.html | 8 ++++++++ .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 17 +++++++++++++---- .../pvp2x/signer/AbstractCredentialProvider.java | 19 ++++++++++--------- .../signer/CredentialsNotAvailableException.java | 5 +++++ .../resources/properties/id_messages_de.properties | 3 +++ .../protocol_response_statuscodes_de.properties | 7 ++++++- .../tasks/ReceiveElgaMandateResponseTask.java | 14 +++++++++++--- 7 files changed, 56 insertions(+), 17 deletions(-) (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 3b31dbfc0..8e0260a38 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -851,6 +851,14 @@ Redirect Binding 9007 Der SZR-Gateway Client konnte nicht initialisiert werden. + + 9008 + Fehler beim Verarbeiten eines Konfigurationsparameters. + + + 9099 + Allgemeiner Konfigurationsfehler +
1.3.4.2 Interne Fehler (91xxx)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 2cb62b993..bca080ba6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -203,12 +203,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (MOAIDException e) { + throw e; } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -254,11 +257,14 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + } catch (MOAIDException e) { + throw e; + } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -304,12 +310,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - + + } catch (MOAIDException e) { + throw e; + } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new MOAIDException(e.getMessage(), new Object[] {}); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java index 4c9a1e59f..bf4cfd480 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java @@ -121,15 +121,15 @@ public abstract class AbstractCredentialProvider { credentials.setUsageType(UsageType.SIGNING); if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " - + getMetadataKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey."}); } return credentials; } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } @@ -146,8 +146,8 @@ public abstract class AbstractCredentialProvider { credentials.setUsageType(UsageType.SIGNING); if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " - + getSignatureKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey."}); } @@ -155,7 +155,7 @@ public abstract class AbstractCredentialProvider { } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } @@ -177,16 +177,17 @@ public abstract class AbstractCredentialProvider { if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Encryption credentials (Alias: " - + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey.", null); + throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."}); } return (X509Credential) credentials; + } catch (Exception e) { Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); + throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java index 1e1c37621..85de666c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java @@ -31,6 +31,11 @@ public class CredentialsNotAvailableException extends MOAIDException { super(messageId, parameters); } + public CredentialsNotAvailableException(String messageId, + Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + /** * */ diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index c47ec2477..9986d5679 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -87,6 +87,7 @@ config.23=Fehler beim initialisieren von OpenSAML config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix. config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt. config.26=Federated IDP {0} contains no AttributeQuery URL. +config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} @@ -279,6 +280,7 @@ pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden. pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}). pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten. +pvp2.24=Der Request konnte nicht verarbeitet werden (Fehler\={0}). ##add status codes!!!! @@ -294,6 +296,7 @@ sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not val sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4} sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included. sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED. +sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1} oauth20.01=Fehlerhafte redirect url oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}" diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 581037a29..f97ebeeca 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -66,7 +66,8 @@ config.22=9008 config.23=9199 config.24=9199 config.25=9199 -config.26=TODO +config.26=9099 +config.27=9008 parser.00=1101 parser.01=1101 @@ -114,6 +115,7 @@ sp.pvp2.08=4502 sp.pvp2.09=4503 sp.pvp2.10=4502 sp.pvp2.11=4502 +sp.pvp2.12=4502 validator.00=1102 validator.01=1102 @@ -222,6 +224,9 @@ pvp2.17=6102 pvp2.20=6103 pvp2.21=6104 pvp2.22=6105 +pvp2.23=6105 +pvp2.24=6105 + oauth20.01=6200 oauth20.06=1000 diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index f976793b8..c2ca69238 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -179,12 +179,20 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { String samlRequest = request.getParameter("SAMLRequest"); Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); - throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e); + throw new TaskExecutionException(pendingReq, + "Receive INVALID PVP Response from ELGA mandate-service", + new AuthnResponseValidationException("sp.pvp2.12", + new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); } catch (IOException | MarshallingException | TransformerException e) { Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); - throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e); + throw new TaskExecutionException(pendingReq, + "Processing PVP response from ELGA mandate-service FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", + new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, + e)); } catch (CredentialsNotAvailableException e) { Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e); @@ -195,7 +203,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); - + } catch (Exception e) { Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage()); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); -- cgit v1.2.3 From f1c588836f613209984c15a761d65b20c66ca4e9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 21 Mar 2016 13:29:52 +0100 Subject: add missing error codes --- id/server/doc/handbook/protocol/protocol.html | 4 ++ .../auth/exception/MOAIllegalStateException.java | 46 +++++++++++++++++++ .../AbstractProcessEngineSignalController.java | 7 ++- .../resources/properties/id_messages_de.properties | 1 + .../protocol_response_statuscodes_de.properties | 1 + .../id/commons/api/exceptions/MOAIDException.java | 52 ---------------------- .../oauth20/exceptions/OAuth20Exception.java | 6 +-- 7 files changed, 60 insertions(+), 57 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 8e0260a38..ff7921ad5 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -886,6 +886,10 @@ Redirect Binding + + + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java new file mode 100644 index 000000000..bc19a3f39 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java @@ -0,0 +1,46 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + +/** + * @author tlenz + * + */ +public class MOAIllegalStateException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = 613582783125887683L; + + /** + * + */ + public MOAIllegalStateException(String code, Object[] params) { + super(code, params); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index a23938f97..f22c82e95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -9,6 +9,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; @@ -30,7 +31,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont try { if (pendingRequestID == null) { - throw new IllegalStateException("Unable to determine MOA pending-request id."); + throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."}); + } IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); @@ -49,7 +51,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // process instance is mandatory if (pendingReq.getProcessInstanceId() == null) { - throw new IllegalStateException("MOA session does not provide process instance id."); + throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."}); + } // wake up next task diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 9986d5679..a579dd80b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -315,3 +315,4 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin process.01=Fehler beim Ausf\u00FChren des Prozesses. process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}. +process.03=Fehler beim Weiterführen es Prozesses. Msg:{0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index f97ebeeca..653e073a2 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -102,6 +102,7 @@ service.10=4500 process.01=9104 process.02=9104 +process.03=9105 sp.pvp2.00=4501 sp.pvp2.01=4501 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java index 955b0f5ea..6841be92b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java @@ -49,16 +49,7 @@ package at.gv.egovernment.moa.id.commons.api.exceptions; import java.io.PrintStream; import java.io.PrintWriter; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - -import org.w3c.dom.DOMImplementation; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.util.Constants; /** * Base class of technical MOA exceptions. @@ -176,47 +167,4 @@ public Object[] getParameters() { return parameters; } -/** - * Convert this MOAIDException to an ErrorResponse - * element from the MOA namespace. - * - * @return An ErrorResponse element, containing the subelements - * ErrorCode and Info required by the MOA schema. - */ - public Element toErrorResponse() { - DocumentBuilder builder; - DOMImplementation impl; - Document doc; - Element errorResponse; - Element errorCode; - Element info; - - // create a new document - try { - builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - impl = builder.getDOMImplementation(); - } catch (ParserConfigurationException e) { - return null; - } - - // build the ErrorResponse element - doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null); - errorResponse = doc.getDocumentElement(); - - // add MOA namespace declaration - errorResponse.setAttributeNS( - Constants.XMLNS_NS_URI, - "xmlns", - Constants.MOA_NS_URI); - - // build the child elements - errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode"); - errorCode.appendChild(doc.createTextNode(messageId)); - info = doc.createElementNS(Constants.MOA_NS_URI, "Info"); - info.appendChild(doc.createTextNode(toString())); - errorResponse.appendChild(errorCode); - errorResponse.appendChild(info); - return errorResponse; - } - } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java index d7fecd1b5..5dc36868b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -public class OAuth20Exception extends RuntimeException { +public class OAuth20Exception extends MOAIDException { private static final long serialVersionUID = 1L; @@ -33,7 +33,7 @@ public class OAuth20Exception extends RuntimeException { private String errorCode; public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) { - super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + super(messageId, parameters); this.errorCode = errorCode; this.messageId = messageId; } -- cgit v1.2.3 From b29150526d95af2f1c30f4543c88d35c2965dfe6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 22 Mar 2016 14:43:22 +0100 Subject: add revisionslog info's to eIDAS and SLO methods --- id/server/doc/handbook/additional/additional.html | 45 +++++++++++++++++ .../id/advancedlogging/MOAIDEventConstants.java | 15 ++++-- .../moa/id/advancedlogging/MOAReversionLogger.java | 14 ++++-- .../moa/id/data/ISLOInformationContainer.java | 7 ++- .../moa/id/data/SLOInformationContainer.java | 37 +++++++++++++- .../moa/id/moduls/AuthenticationManager.java | 56 +++++++++++++++------- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 15 ++++-- .../eidas/tasks/GenerateAuthnRequestTask.java | 11 +++++ .../eidas/tasks/ReceiveAuthnResponseTask.java | 9 ++++ 9 files changed, 178 insertions(+), 31 deletions(-) (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html index cbf4a50c9..58990567c 100644 --- a/id/server/doc/handbook/additional/additional.html +++ b/id/server/doc/handbook/additional/additional.html @@ -485,6 +485,26 @@ + + + + + + + + + + + + + + + + + + + + @@ -545,6 +565,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + +
9104 Fehler bei der Auswahl oder Initialisierung des gewünschten Anmeldeprozesses
9105Fehler bei der Fortführung des Anmeldeprozesses
9199 Allgemeiner interner Fehler

 

Vollmacht vom Online-Vollmachten Service erhalten
4400 IDP initiated Single LogOut Request erhalten
4401 Single LogOut Process gestartet
4402 Single LogOut Process erfolgreich beendet
4403 Unvollständiger Single LogOut Prozess

5000

bPK

IP Adresse IP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat
6100EntityIDeIDAS Node ausgewählt
6101RequestIDeIDAS Node kontaktiert
6102ResponseIDGültige Response von eIDAS Node erhalten
6103 Ungültige Response oder Fehlercode von eIDAS Node erhalten
6104 Personenbindung für Authentifizierung über eIDAS Node erstellt

 

Einzelne Events werden um einen Transaktionsparameter ergänzt, welcher in der Spalte Wert beschrieben ist.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index 054543c3e..9d26cc05f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -47,7 +47,12 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201; public static final int AUTHPROTOCOL_SAML1_AUTHNREQUEST = 3300; - + + public static final int AUTHPROCESS_IDP_SLO_REQUESTED = 4400; + public static final int AUTHPROCESS_SLO_STARTED = 4401; + public static final int AUTHPROCESS_SLO_ALL_VALID = 4402; + public static final int AUTHPROCESS_SLO_NOT_ALL_VALID = 4403; + //authentication process information public static final int AUTHPROCESS_START = 4000; public static final int AUTHPROCESS_FINISHED = 4001; @@ -78,9 +83,11 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; - public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; - public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; - public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402; + public static final int AUTHPROCESS_PEPS_SELECTED = 6100; + public static final int AUTHPROCESS_PEPS_REQUESTED = 6101; + public static final int AUTHPROCESS_PEPS_RECEIVED = 6102; + public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103; + public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104; //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 6fa07a098..4a5cbd55f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -75,18 +75,26 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, - + + MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED, + MOAIDEventConstants.AUTHPROCESS_SLO_STARTED, + MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID, + MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID, + MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP, - MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND, - MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND, + MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED, + MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java index 18ffc5c6d..38f6948d3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.data; import java.util.Iterator; import java.util.List; -import java.util.Set; import java.util.Map.Entry; +import java.util.Set; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; @@ -63,5 +63,8 @@ public interface ISLOInformationContainer { List getSloFailedOAs(); void putFailedOA(String oaID); - + + public String getTransactionID(); + + public String getSessionID(); } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index fd1749129..20588ad0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -44,6 +44,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon private LinkedHashMap activeFrontChannalOAs; private LinkedHashMap activeBackChannelOAs; private List sloFailedOAs = null; + private String transactionID = null; + private String sessionID = null; /** * @@ -146,6 +148,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon @Override public void setSloRequest(PVPTargetConfiguration sloRequest) { this.sloRequest = sloRequest; + } /* (non-Javadoc) @@ -164,5 +167,37 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon if (sloFailedOAs == null) sloFailedOAs = new ArrayList(); sloFailedOAs.add(oaID); - } + } + + + /** + * @return the transactionID + */ + public String getTransactionID() { + return transactionID; + } + + + /** + * @param transactionID the transactionID to set + */ + public void setTransactionID(String transactionID) { + this.transactionID = transactionID; + } + + public String getSessionID() { + return this.sessionID; + + } + + + /** + * @param sessionID the sessionID to set + */ + public void setSessionID(String sessionID) { + this.sessionID = sessionID; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 1e064f24f..a1f2c6558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -443,6 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; + String uniqueSessionIdentifier = "notSet"; + String uniqueTransactionIdentifier = "notSet"; Logger.debug("Start technical Single LogOut process ... "); @@ -451,14 +453,33 @@ public class AuthenticationManager extends MOAIDAuthConstants { LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); pvpSLOIssuer = logOutReq.getIssuer().getValue(); inboundRelayState = samlReq.getRelayState(); + uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier(); + uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier(); + } else { + AuthenticationSessionExtensions sessionExt; + try { + sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); + if (sessionExt != null) + uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); + + } catch (MOADatabaseException e) { + Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e); + + } + uniqueTransactionIdentifier = Random.nextLongRandom(); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED); + } //store active OAs to SLOContaine List dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); List dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); - SLOInformationContainer sloContainer = new SLOInformationContainer(); - sloContainer.setSloRequest(pvpReq); + SLOInformationContainer sloContainer = new SLOInformationContainer(); + sloContainer.setTransactionID(uniqueTransactionIdentifier); + sloContainer.setSessionID(uniqueSessionIdentifier); + sloContainer.setSloRequest(pvpReq); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); @@ -468,19 +489,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size()); //terminate MOASession - try { - String uniqueSessionIdentifier = "notSet"; - AuthenticationSessionExtensions sessionExt = - authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); - if (sessionExt != null) - uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); - + try { authenticatedSessionStore.destroySession(session.getSessionID()); ssoManager.deleteSSOSessionID(httpReq, httpResp); - if (pvpReq != null) - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier()); - else - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); Logger.debug("Active SSO Session on IDP is remove."); @@ -490,8 +502,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - Logger.trace("Starting Service-Provider logout process ... "); - //start service provider back channel logout process + Logger.trace("Starting Service-Provider logout process ... "); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); + //start service provider back channel logout process Iterator nextOAInterator = sloContainer.getNextBackChannelOA(); while (nextOAInterator.hasNext()) { SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); @@ -592,13 +605,17 @@ public class AuthenticationManager extends MOAIDAuthConstants { null); if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) + sloContainer.getSloFailedOAs().size() == 0) { + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); config.putCustomParameter("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); - else + + } else { + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); config.putCustomParameter("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - + + } guiBuilder.build(httpResp, config, "Single-LogOut GUI"); } @@ -615,6 +632,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); }else { //print SLO information directly @@ -623,6 +642,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); config.putCustomParameter("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index dfe9ecb49..af6c79140 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -41,6 +41,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; @@ -80,6 +82,7 @@ public class SingleLogOutAction implements IAction { @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private ITransactionStorage transactionStorage; @Autowired private SingleLogOutBuilder sloBuilder; + @Autowired private MOAReversionLogger revisionsLogger; /* (non-Javadoc) @@ -240,11 +243,17 @@ public class SingleLogOutAction implements IAction { String statusCode = null; if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) + sloContainer.getSloFailedOAs().size() == 0) { statusCode = MOAIDAuthConstants.SLOSTATUS_SUCCESS; - else + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), + MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); + + } else { + revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), + MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; - + + } transactionStorage.put(artifact, statusCode); redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 6de446e01..7f3c4bddc 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -36,6 +36,7 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -97,6 +98,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim(); + + //TODO: switch to entityID + revisionsLogger.logEvent(oaConfig, pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, + metadataUrl); + // assemble requested attributes Collection attributesFromConfig = oaConfig.getRequestedSTORKAttributes(); @@ -169,6 +176,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentType("text/html;charset=UTF-8"); response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8")); + revisionsLogger.logEvent(oaConfig, pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, + authnRequest.getSamlId()); + } catch (IOException e) { Logger.error("Velocity IO error: " + e.getMessage()); throw new MOAIDException("stork.15", null); // TODO diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 082fdbbbf..5d1b7fb6f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -79,12 +80,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //store MOA-session to database authenticatedSessionStorage.storeSession(moasession); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + samlResp.getSamlId()); + }catch (EIDASSAMLEngineException e) { Logger.error("eIDAS AuthnRequest generation FAILED.", e); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("Could not validate eIDAS response", e)); } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) { + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); } -- cgit v1.2.3 From 859d7b200e1efa6caa1c72e32f22e61660b1b2ef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 24 Mar 2016 10:43:55 +0100 Subject: update ELGA Mandate-Service client modul --- id/server/doc/handbook/additional/additional.html | 250 ++++++++++----------- .../ELGAMandatesRequestBuilderConfiguration.java | 19 +- .../tasks/ReceiveElgaMandateResponseTask.java | 4 +- 3 files changed, 136 insertions(+), 137 deletions(-) (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html index 58990567c..00b36c4cd 100644 --- a/id/server/doc/handbook/additional/additional.html +++ b/id/server/doc/handbook/additional/additional.html @@ -311,104 +311,104 @@

 

- - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + @@ -416,74 +416,74 @@ - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + @@ -506,39 +506,39 @@ - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + @@ -547,12 +547,12 @@ - + - + diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java index 60025075f..b67d263fc 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java @@ -252,8 +252,9 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest */ public void setSubjectConformationDate(String givenName, String familyName, String dateOfBirth) { try { - SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class); - + Logger.trace("Build 'SubjectConfirmationData' for ELGA Mandate-Service request ..."); + //build empty 'SubjectConfirmationData' element + SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class); DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); DocumentBuilder builder = dbf.newDocumentBuilder(); @@ -263,7 +264,7 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest .getMarshaller(subjectConformDate); out.marshall(subjectConformDate, doc); - //build root element + //build root element for personal information Element rootDom = doc.createElementNS( ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI, ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_ROOT); @@ -274,24 +275,20 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest //build personal information Element familyNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME); - //familyNameDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE); - familyNameDom.setTextContent(familyName); - Element givenNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME); - //givenNameDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE); - givenNameDom.setTextContent(givenName); - Element dateOfBirthDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH); - //dateOfBirthDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE); + familyNameDom.setTextContent(familyName); + givenNameDom.setTextContent(givenName); dateOfBirthDom.setTextContent(dateOfBirth); - //add information to root element + //add personal information to 'SubjectConfirmationData' element doc.getFirstChild().appendChild(rootDom); rootDom.appendChild(givenNameDom); rootDom.appendChild(familyNameDom); rootDom.appendChild(dateOfBirthDom); this.subjectConformationDate = doc.getDocumentElement(); + Logger.trace("'SubjectConfirmationData' for ELGA Mandate-Service is complete"); } catch (ParserConfigurationException | MarshallingException e) { Logger.error("Can not generate 'SubjectConformationDate' for " diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 8960041f5..5604b7640 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -150,6 +150,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { defaultTaskInitialization(request, executionContext); //validate receive mandate reference-value + //TODO: update if ReferenceValue Discussion is finished String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); if (!moasession.getMandateReferenceValue().equals(responseRefValue)) { Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue."); @@ -172,7 +173,8 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { authenticatedSessionStorage.storeSession(moasession); //write revisions log entry - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, + extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); //write mandate info's to revisions log revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, -- cgit v1.2.3 From a2c787edb81084a0f7a1f01d79607121ff5ec2a4 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 31 Mar 2016 14:37:09 +0200 Subject: add errorcodes to eIDAS module functionality --- id/server/doc/handbook/protocol/protocol.html | 46 +++++++++++++++ .../resources/properties/id_messages_de.properties | 8 ++- .../protocol_response_statuscodes_de.properties | 22 +++---- .../eIDASResponseNotSuccessException.java | 67 ++++++++++++++++++++++ .../eidas/tasks/ReceiveAuthnResponseTask.java | 24 ++++++-- 5 files changed, 148 insertions(+), 19 deletions(-) create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index ff7921ad5..6713bd7a3 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -270,6 +270,13 @@ Redirect Binding + + + + + + + @@ -646,6 +653,45 @@ Redirect Binding

EventCode

Wert

Beschreibung

EventCode

Wert

Beschreibung

3000

Protokolltype

Type des verwendeten Authentifizierungsprotokolls (OpenID Connect, PVP2, STORK, SAML1)

3000

Protokolltype

Type des verwendeten Authentifizierungsprotokolls (OpenID Connect, PVP2, STORK, SAML1)

3100

 

PVP 2.x Metadaten Request

3100

 

PVP 2.x Metadaten Request

3101

 

PVP 2.x Authentifizierungsrequest

3101

 

PVP 2.x Authentifizierungsrequest

3102

 

PVP 2.x Authentifizierungsresponse

3102

 

PVP 2.x Authentifizierungsresponse

3103

 

PVP 2.x Single LogOut Request

3103

 

PVP 2.x Single LogOut Request

3104

 

PVP 2.x Attribute Query (im Fall IDP Interfederation mit zwischen MOA-IDs)

3104

 

PVP 2.x Attribute Query (im Fall IDP Interfederation mit zwischen MOA-IDs)

3200

 

OpenID Connect Auth Requsst

3200

 

OpenID Connect Auth Requsst

3201

 

OpenID Connect Tokken Request

3201

 

OpenID Connect Tokken Request

3300

 

SAML1 StartAuthentication Request

3300

 

SAML1 StartAuthentication Request

4000

 

Identifizierungs- und Authentifizierungsprozess wurde gestartet

4000

 

Identifizierungs- und Authentifizierungsprozess wurde gestartet

4001

 

Identifizierungs- und Authentifizierungsprozess wurde beendet

4001

 

Identifizierungs- und Authentifizierungsprozess wurde beendet

4002

 

Anmeldeprozess mit Online Vollmachten

4002

 

Anmeldeprozess mit Online Vollmachten

4003

 

Anmeldeprozess mit STORK

4003

 

Anmeldeprozess mit STORK

4004

 

Anmeldeprozess mit Single Sign-On

4004

 

Anmeldeprozess mit Single Sign-On

4005

 

Ungültige Single Sign-On Session

4005

 

Ungültige Single Sign-On Session

4006

 

Benutzeranfrage für Single Sign-On Verwendung gestellt

4006

 

Benutzeranfrage für Single Sign-On Verwendung gestellt

4007

 

Benutzerantwort für Single Sign-On Verwendung empfangen

4007

 

Benutzerantwort für Single Sign-On Verwendung empfangen

4008

 

Anmeldeprozess über IDP Föderation

4008

 

Anmeldeprozess über IDP Föderation

4009

 

Gültige Response von föderiertem IDP erhalten

4009

 

Gültige Response von föderiertem IDP erhalten
4010Verwendeter IDP für föderierte Anmeldung

4011

Service Identifikator

Eindeutiger Identifikator der/des Online-Applikation/Service an der/dem die Anmeldung erfolgt

4011

Service Identifikator

Eindeutiger Identifikator der/des Online-Applikation/Service an der/dem die Anmeldung erfolgt

4110

 

BKU Auswahl gestartet

4110

 

BKU Auswahl gestartet

4111

Bkutype (z.b. online, handy, local)

Ausgewählter BKU Type

4111

Bkutype (z.b. online, handy, local)

Ausgewählter BKU Type

4112

URL

Verwendete BKU URL

4112

URL

Verwendete BKU URL

4113

IP Adresse

IP Adresse mit der die BKU Daten an MOA-ID liefert

4113

IP Adresse

IP Adresse mit der die BKU Daten an MOA-ID liefert

4220

 

Personenbindung ausgelesen und gültig validiert

4220

 

Personenbindung ausgelesen und gültig validiert

4221

 

Signaturzertifikat ausgelesen und validiert

4221

 

Signaturzertifikat ausgelesen und validiert

4222

 

AuthBlock signiert und gültig validiert

4222

 

AuthBlock signiert und gültig validiert

4223

 

Wechsel in den Modus für ausländische Signaturkarten

4223

 

Wechsel in den Modus für ausländische Signaturkarten

4224

 

SZR-Gateway wird kontaktiert

4224

 

SZR-Gateway wird kontaktiert

4225

 

Personenbindung von SZR-Gateway erhalten

4225

 

Personenbindung von SZR-Gateway erhalten

4300

ReferenceID des Vollmachtensystems

Online-Vollmachten Service wird kontaktiert

4300

ReferenceID des Vollmachtensystems

Online-Vollmachten Service wird kontaktiert

4301

 

Redirekt zum Online-Vollmachten Service

4301

 

Redirekt zum Online-Vollmachten Service

4302

 

Vollmacht vom Online-Vollmachten Service erhalten

4302

 

Vollmacht vom Online-Vollmachten Service erhalten
4400Unvollständiger Single LogOut Prozess

5000

bPK

bPK bei Vollmacht mit berufsmäßigem Parteienvertreter oder Organwalter

5000

bPK

bPK bei Vollmacht mit berufsmäßigem Parteienvertreter oder Organwalter

5001

OID

OID bei Vollmacht mit berufsmäßigem Parteienvertreter oder Organwalter

5001

OID

OID bei Vollmacht mit berufsmäßigem Parteienvertreter oder Organwalter

5002

JSON String

Pseudoanonymisierte Personendaten der sich anmeldeten natürlichen Person.

5002

JSON String

Pseudoanonymisierte Personendaten der sich anmeldeten natürlichen Person.

5100

Vollmachtstype

Type der ausgewählten Vollmacht

5100

Vollmachtstype

Type der ausgewählten Vollmacht

5101

jur / nat

Vollmacht - Type der vertretenen Person (Juristische / natürliche Person)

5101

jur / nat

Vollmacht - Type der vertretenen Person (Juristische / natürliche Person)

5102

JSON String

Pseudoanonymisierte Personendaten der vertretenen natürlichen Person.

5102

JSON String

Pseudoanonymisierte Personendaten der vertretenen natürlichen Person.

5103

baseID

Stammzahl der vertretenen juristischen Person

5103

baseID

Stammzahl der vertretenen juristischen Person

 
6000ReferenceID des VollmachtensystemsReferenceID zum Auth. Prozess externes Vollmachten Service kontaktiert
6001 ReferenceID des Vollmachhtenservice gültige Vollmacht vom externen Vollmachten Service verarbeitet

Gesamte Personenbindung in BASE64 kodiert.

Hinweis: Im Falle einer privatwirtschaftlichen Applikation ist die Stammzahl durch die wbPK ersetzt.
urn:oid:1.2.40.0.10.2.1.1.261.106MANDATE-TYPE-OIDmandate Bezeichnung als OID des verwendeten Vollmachten-Profils
urn:oid:1.2.40.0.10.2.1.1.261.68 MANDATE-TYPE Der geforderte QAA Level ist höher als der QAA Level der gewählten Authentifizierungsmethode
+
1.3.1.4 eIDAS (13xxx)
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
StatuscodeBeschreibung
1300Fehler beim Erstellen des eIDAS Authentifizierungsrequests
1301Fehler beim Validieren der eIDAS Authentifizierungsresponse
1302Response vom eIDAS Node enthält einen Fehler
1303eIDAS Response beinhaltet nicht alle minimal erforderlichen Attribute
1304Der ausgewählte eIDAS Node existiert nicht oder ist nicht konfiguriert
1305eIDAS Request konnte nicht gültig verarbeitet werden
1306Generierung dereIDAS Metadaten fehlgeschlagen
1399Interner Fehler in der eIDAS SAML-Engine

1.3.2 Statuscodes 4xxxx

Alles Statuscodes beginnend mit der Zahl vier beschreiben Fehler die während der Kommunikation mit externen Services aufgetreten sind.

1.3.2.1 BKU (40xxxx)
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 6b48750d2..400b0bc25 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -128,7 +128,7 @@ cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Spe proxy.00=MOA ID Proxy wurde erfolgreich gestartet proxy.01=Unbekannter URL {0}, erwarteter URL auf {1} -proxy.02=Unbekannter URL {0}.
Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. +proxy.02=Unbekannter URL {0}.
Es wurde keine \u00dcbereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden. proxy.04=URL {0} : {1} proxy.05=Fehler beim Aufbauen der SSLSocketFactory f\u00FCr {0} \: {1} proxy.06=Fehler beim Starten des Service MOA ID Proxy @@ -265,8 +265,10 @@ eIDAS.05=Can not generate eIDAS metadata. Reason:{0} eIDAS.06=Received eIDAS AuthnRequest can not processed. Reason:{0} eIDAS.07=Missing eIDAS-Attribute:{0} eIDAS.08=No valid eIDAs-Node configuration for enityID:{0} +eIDAS.09=Received eIDAS Response is not valid. Reason:{0} +eIDAS.10=Internal server error. Reason:{0} +eIDAS.11=Received eIDAS Error-Response. Reason:{0} -pvp2.00={0} ist kein gueltiger consumer service index pvp2.01=Fehler beim kodieren der PVP2 Antwort pvp2.02=Ungueltiges Datumsformat pvp2.03=Vollmachtattribute nicht in Metadaten verfuegbar @@ -325,4 +327,4 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin process.01=Fehler beim Ausf\u00FChren des Prozesses. process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}. -process.03=Fehler beim Weiterführen es Prozesses. Msg:{0} +process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 92e231bd0..bfaf5ffb1 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -213,16 +213,18 @@ stork.19=1203 stork.20=1204 stork.21=1205 -eIDAS.00=TODO -eIDAS.01=TODO -eIDAS.02=TODO -eIDAS.03=TODO -eIDAS.04=TODO -eIDAS.05=TODO -eIDAS.06=TODO -eIDAS.07=TODO -eIDAS.08=TODO - +eIDAS.00=1399 +eIDAS.01=1305 +eIDAS.02=1300 +eIDAS.03=1304 +eIDAS.04=1304 +eIDAS.05=1306 +eIDAS.06=1305 +eIDAS.07=1303 +eIDAS.08=1304 +eIDAS.09=1301 +eIDAS.10=9199 +eIDAS.11=1302 pvp2.01=6100 pvp2.06=6100 diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java new file mode 100644 index 000000000..d10ca1c88 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java @@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +/** + * @author tlenz + * + */ +public class eIDASResponseNotSuccessException extends eIDASException { + + /** + * + */ + private static final long serialVersionUID = 6145402939313568907L; + + public eIDASResponseNotSuccessException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * @param messageId + * @param parameters + * @param e + */ + public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel() + */ + @Override + public String getStatusCodeFirstLevel() { + return StatusCode.RESPONDER_URI; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel() + */ + @Override + public String getStatusCodeSecondLevel() { + return StatusCode.AUTHN_FAILED_URI; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index b73c2a873..fae06031a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.opensaml.saml2.core.StatusCode; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -11,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; @@ -58,7 +60,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //TODO: check if additional decryption operation is required } - + + //check response StatusCode + if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() + + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage()); + throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()}); + + } + //MOA-ID specific response validation //TODO: implement MOA-ID specific response validation @@ -89,18 +99,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", - new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); - - } catch (MOAIDException | MOADatabaseException e) { + new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); + + } catch (MOADatabaseException e) { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.error("eIDAS Response processing FAILED.", e); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); } -- cgit v1.2.3 From 2fb3856bb3412bc825ea789f8d98177a8c527964 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Apr 2016 12:57:17 +0200 Subject: make some minor handbook updates --- id/server/doc/handbook/protocol/Assertion.xml | 4 ++-- id/server/doc/handbook/protocol/idp_metadata.xml | 4 ++-- id/server/doc/handbook/protocol/protocol.html | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) (limited to 'id/server/doc/handbook') diff --git a/id/server/doc/handbook/protocol/Assertion.xml b/id/server/doc/handbook/protocol/Assertion.xml index b6db5f088..2654f2e80 100644 --- a/id/server/doc/handbook/protocol/Assertion.xml +++ b/id/server/doc/handbook/protocol/Assertion.xml @@ -1,6 +1,6 @@ - https://demo.egiz.gv.at/demoportal_moaid-2.0 + https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata @@ -34,7 +34,7 @@ nibdIyU5+AmfFzDaMwNocJEANoXrjLTpduCHvT0Qt/wH+7rVdgjX1djMrBhyMWs7GQyIBRfuf58m - https://demo.egiz.gv.at/demoportal_moaid-2.0 + https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata QVGm48cqcM4UcyhDTNGYmVdrIoY= diff --git a/id/server/doc/handbook/protocol/idp_metadata.xml b/id/server/doc/handbook/protocol/idp_metadata.xml index e8915332e..ffc15d461 100644 --- a/id/server/doc/handbook/protocol/idp_metadata.xml +++ b/id/server/doc/handbook/protocol/idp_metadata.xml @@ -1,4 +1,4 @@ - + @@ -37,7 +37,7 @@ cfmNJhb06H+6mmHz929Bk4HuHoQj8X8= - + diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 6713bd7a3..58474b635 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -1079,6 +1079,7 @@ https://<host>:<port>/moa-id-auth/LogOut 
 https://<host>:<port>/moa-id-auth/pvp2/metadata
+

Hinweis: Ist die deployed MOA-ID Instanz für mehrere virtuelle IDPs konfiguriert, so können die Metadaten für die jeweiligen virutellen Entities über den PublicURLPrefix der jeweiligen virtuellen Instanz abgerufen werden. Z.B. https://aaa.com/moa-id-auth/pvp2/metadata für virtuellen IDP aaa.com oder https://bbb.com/moa-id-auth/pvp2/metadata für virtuellen IDP bbb.com

Wollen Sie für Ihre Online-Applikation PVP 2.1 als Authentifizierungsprotokoll nutzen müssen für jede Online-Applikation Metadaten erstellt und durch den Service Provider signiert werden. Zusätzlich muss die URL auf die Metadaten und das entsprechende Signaturzertifikat zur Prüfung der Signatur in der online-applikationsspezifischen PVP 2.1 Konfiguration von MOA-ID-Auth hinterlegt sein. Ein Beispiel für online-applikationsspezifische Metadaten finden Sie hier.

Die nachfolgenden Anforderungen an die online-applikationsspezifischen Metadaten .

    -- cgit v1.2.3