From 49e202080467e3da1b43505ace711001b6c18c4b Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 8 May 2014 10:17:42 +0200
Subject: add first parts for Single LogOut
---
 .../moa/id/entrypoints/DispatcherServlet.java | 12 +++-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 60 ++++++++++++++++++++-
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 3 +-
 .../id/protocols/pvp2x/messages/MOARequest.java | 11 +++-
 4 files changed, 76 insertions(+), 10 deletions(-)
(limited to 'id/server/idserverlib/src/main/java/at')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 9f1b6b3e8..1cc2a5711 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -41,7 +41,6 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -271,10 +270,17 @@ public class DispatcherServlet extends AuthServlet{
 //request is a new authentication request
 } else if (protocolRequest != null &&
- MiscUtil.isEmpty(protocolRequest.getRequestID())) {
+ MiscUtil.isEmpty(protocolRequest.getRequestID())) {
 //Start new Authentication
- protocolRequest.setAction(action);
 protocolRequest.setModule(module);
+
+ //if preProcessing has not set a specific action from decoded request
+ // then set the default action
+ if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+ protocolRequest.setAction(action);
+ else
+ moduleAction = info.getAction(protocolRequest.requestedAction());
+
 protocolRequestID = Random.nextRandom();
 protocolRequest.setRequestID(protocolRequestID);
 RequestStorage.setPendingRequest(protocolRequest);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a786420cf..e2e6e752b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -52,6 +52,7 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeConsumingService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.signature.SignableXMLObject;
@@ -105,6 +106,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 public static final String SOAP = "Soap";
 public static final String METADATA = "Metadata";
 public static final String ATTRIBUTEQUERY = "AttributeQuery";
+ public static final String SINGLELOGOUT = "SingleLogOut";
 private static List decoder = new ArrayList();
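Review bot: The new else branch assigns `moduleAction = info.getAction(protocolRequest.requestedAction())` without checking the result, so an action name that the module has not registered (the lookup presumably returns null in that case, as the map-backed `getAction` in PVP2XProtocol suggests) would surface later as a NullPointerException instead of a clear rejection of the request; add a guard after the assignment, `if (moduleAction == null) throw new ...` using whatever exception the surrounding dispatch code already raises for an unknown action. The braceless `if`/`else` with a comment block between statements is easy to misread when a line is added later; wrapping both branches in braces would be the safer style. The enclosing method continues outside this hunk.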
@@ -125,6 +127,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 actions.put(POST, new AuthenticationAction());
 actions.put(METADATA, new MetadataAction());
 actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
+ actions.put(SINGLELOGOUT, new SingleLogOutAction());
 //TODO: insert getArtifact action
@@ -179,6 +182,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { if(METADATA.equals(action)) { return new PVPTargetConfiguration(); + } IDecoder decoder = findDecoder(action, request);
@@ -350,8 +354,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response) { if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { return getAction(REDIRECT); + } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { return getAction(POST); + } if(METADATA.equals(request.getParameter("action"))) {
@@ -373,11 +379,57 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 * @param response
 * @param msg
 * @return
+ * @throws MOAIDException
 */
 private IRequest preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, MOARequest msg) {
- // TODO Auto-generated method stub
- return null;
+ HttpServletResponse response, MOARequest msg) throws MOAIDException {
+
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+ if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) {
+ //preProcess single logout request from service provider
+
+ EntityDescriptor metadata = msg.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+
+
+
+ String oaURL = metadata.getEntityID();
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+
+ config.setOAURL(oaURL);
+ config.setBinding(msg.getRequestBinding());
+
+
+ } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) {
+ //preProcess single logour response from service provider
+
+ LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest());
+
+ Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+
+ if (!resp.getDestination().startsWith(
+ PVPConfiguration.getInstance().getIDPPublicPath())) {
+ Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+ throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+
+ }
+
+ //TODO: check if relayState exists
+ msg.getRelayState();
+
+
+ } else
+ throw new MOAIDException("Unsupported request", new Object[] {});
+
+
+ config.setRequest(msg);
+ config.setAction(SINGLELOGOUT);
+ return config;
 }
 /**
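Review bot: In the LogoutResponse branch `resp.getDestination()` is dereferenced before it is compared, so a response that omits the optional Destination attribute fails with a NullPointerException instead of the intended AssertionValidationExeption; read it into a local first, `String destination = resp.getDestination();` and test `if (destination == null || !destination.startsWith(PVPConfiguration.getInstance().getIDPPublicPath())) {`. That `startsWith` test is only a prefix match against the IDP public path, so any destination URL sharing that prefix is accepted; comparing against the exact single-logout endpoint URL of this IDP would be the tighter check. The `msg.getRelayState();` line under the `//TODO` is a statement with no effect, and the debug log concatenates `resp.getIssuer()`, an XMLObject, rather than the issuer string (`getIssuer().getValue()`, with a null guard, is presumably what was meant). The repeated `((MOARequest)msg)` casts are redundant since `msg` is already declared as MOARequest, and the comment typo `logour` should read `logout`.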
@@ -485,7 +537,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 String oaURL = moaRequest.getEntityMetadata().getEntityID();
 String binding = consumerService.getBinding();
- Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
+ Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding);
 oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 96e2bf7e9..65da23565 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.logging.Logger;
 public class PVPTargetConfiguration extends RequestImpl {
@@ -50,7 +51,7 @@ public class PVPTargetConfiguration extends RequestImpl {
 InboundMessage request;
 String binding;
 String consumerURL;
-
+
 public InboundMessage getRequest() {
 return request;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
index f2f8f0a23..7679e74a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
@@ -37,11 +37,18 @@ public class MOARequest extends InboundMessage{
 private static final long serialVersionUID = 8613921176727607896L;
- public MOARequest(SignableXMLObject inboundMessage) {
- setSAMLMessage(inboundMessage.getDOM());
+ private String binding = null;
+
+ public MOARequest(SignableXMLObject inboundMessage, String binding) {
+ setSAMLMessage(inboundMessage.getDOM());
+ this.binding = binding;
 }
+ public String getRequestBinding() {
+ return binding;
+ }
+
 public SignableXMLObject getSamlRequest() {
 UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
 Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-- cgit v1.2.3
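Review bot: The new constructor parameter and `getRequestBinding()` carry no documentation, so a caller cannot tell whether `binding` is a SAML binding URI or one of the protocol's short names and whether null is allowed; add Javadoc to the constructor such as `@param binding the binding the inbound message was received over (null if unknown)` once that is confirmed, and a one-line summary on the accessor. Within this hunk the field is written only by the constructor, so `private final String binding;` would state that intent and drop the redundant `= null` initializer, provided no setter exists elsewhere in the class. Since the class declares a serialVersionUID, the new field also becomes part of the serialized form; instances persisted before this change will deserialize with `binding == null`, which callers of `getRequestBinding()` need to tolerate.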