From b158b0b5a5b0bf65e8c5624216fcf23d5c683d64 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Mar 2014 12:18:56 +0100 Subject: add configuration parameter to disable PVP2.1 assertion encryption --- .../gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java | 5 +++++ .../moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index f9a038d9f..8d1fc7979 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -998,6 +998,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return publicURLPreFix; } + public boolean isPVP2AssertionEncryptionActive() { + String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); + return Boolean.valueOf(prop); + } + /** * Retruns the STORK Configuration * @return STORK Configuration diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 7bf188e53..c5afbabe5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -58,6 +58,7 @@ import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; @@ -156,7 +157,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { } - if (encryptionCredentials != null) { + boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); + if (encryptionCredentials != null && isEncryptionActive) { //encrypt SAML2 assertion try { -- cgit v1.2.3