From 1c567f6eb16fa10d3811fbaaf70c4ab04fb08077 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 6 Feb 2014 15:42:53 +0100
Subject: BRZ: -add SAML1 SourceID parameter in moa-id general Bugfix: -SSO target had an error in case of business-service -OA with business-service whichout single sign-on produce an error
---
 .../moa/id/auth/AuthenticationServer.java | 22 ++++++++---
 .../moa/id/auth/MOAIDAuthConstants.java | 2 +
 .../moa/id/config/ConfigurationProvider.java | 21 -----------
 .../id/config/auth/AuthConfigurationProvider.java | 44 +++++++++++++---------
 .../id/config/legacy/BuildFromLegacyConfig.java | 24 ++++++++----
 5 files changed, 62 insertions(+), 51 deletions(-)
(limited to 'id/server/idserverlib/src/main/java')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 06d5b01bd..a5e92c701 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth;
 import iaik.asn1.ObjectID;
+import iaik.util.logging.Log;
 import iaik.x509.X509Certificate;
 import iaik.x509.X509ExtensionInitException;
@@ -250,16 +251,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 String infoboxReadRequest = "";
+ String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim();
+ if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
+ //do not use SSO if no Target is set
+ Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ session.setSsoRequested(false);
+
+ }
+
 if (session.isSsoRequested()) {
 //load identityLink with SSO Target
 boolean isbuisness = false;
- String domainIdentifier = "";
- IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService();
- if (ssobusiness != null) {
+
+ if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+
+ isbuisness = false;
+
+ } else {
 isbuisness = true;
- domainIdentifier = ssobusiness.getValue();
+ }
-
+ //build ReadInfobox request
 infoboxReadRequest = new InfoboxReadRequestBuilder().build( isbuisness, domainIdentifier);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index f555cfb9a..060dc2248 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -104,6 +104,8 @@ public interface MOAIDAuthConstants {
 // /** the number of the certifcate extension for party organ representatives */
 // public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+ public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
+
 /** OW */
 public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
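Review bot: `getSSOTagetIdentifier()` returns `null` when no SSO section is configured (its body is visible in the AuthConfigurationProvider hunk of this commit), so the `.trim()` on the first added line of this hunk throws a NullPointerException for every deployment without SSO, before the `MiscUtil.isEmpty` guard on the next line can run. Guard before trimming: `String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier();` followed by `domainIdentifier = domainIdentifier == null ? "" : domainIdentifier.trim();`. Further down, the `startsWith(PREFIX_WPBK)` branch sets `isbuisness = false` for a target carrying the wbPK prefix and `true` for everything else; if the wbPK prefix denotes a business-service target, as the constant's name suggests, the two assignments look swapped, so please confirm which value `InfoboxReadRequestBuilder.build`'s first parameter expects for a wbPK target. Whichever it is, the six-line `if`/`else` reduces to a single assignment, `isbuisness = domainIdentifier.startsWith(PREFIX_WPBK);` or its negation. The enclosing method starts and ends outside the hunk.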
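Review bot: The new constant `PREFIX_WPBK` has no Javadoc, unlike `OW_ORGANWALTER` right below it, and its name transposes the letters of the value it holds (`WPBK` versus `wbpk`), which invites misreading at the call site in AuthenticationServer. Add `/** URN prefix of a wbPK-based IdentityLink domain identifier, i.e. a business-service target. */` above it. Renaming it to `PREFIX_WBPK` would match the value, but has to be done together with the AuthenticationServer call site in this commit.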
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index 3432a19b1..dc5ec430e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -135,27 +135,6 @@ public class ConfigurationProvider {
 return rootConfigFileDir;
 }
- /**
- * Returns the mapping of generic configuration properties.
- *
- * @return The mapping of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map getGenericConfiguration() {
- return genericConfiguration;
- }
-
- /**
- * Returns the value of a parameter from the generic configuration section.
- *
- * @return the parameter value; null if no such parameter
- */
- public String getGenericConfigurationParameter(String parameter) {
- if (! genericConfiguration.containsKey(parameter))
- return null;
- return (String)genericConfiguration.get(parameter);
- }
-
 /**
 * Return the chaining mode for a given trust anchor.
 *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 1804b5fd5..304b63de0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -519,6 +519,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 if (protocols.getSAML1() != null) {
 allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
+
+ //load alternative sourceID
+ if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
+ alternativesourceid = protocols.getSAML1().getSourceID();
+
 }
 if (protocols.getOAuth() != null) {
@@ -562,8 +567,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 //set alternativeSourceID
- if (auth.getGeneralConfiguration() != null)
- alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+ if (auth.getGeneralConfiguration() != null)
+
+ //TODO: can be removed in a further version, because it is moved to SAML1 config
+ if (MiscUtil.isEmpty(alternativesourceid))
+ alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
 // sets the authentication session and authentication data time outs
 BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
@@ -744,7 +752,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 public ProtocolAllowed getAllowedProtocols() {
- return this.allowedProtcols;
+ return allowedProtcols;
 }
 public PVP2 getGeneralPVP2DBConfig() {
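Review bot: In the second hunk (`@@ -562,8 +567,11 @@`) the rewritten null check on `auth.getGeneralConfiguration()` is a brace-less `if` whose body is another brace-less `if`, separated by a blank line and a comment, so it reads as two independent statements, and the very next context line dereferences `auth.getGeneralConfiguration().getTimeOuts()` without any guard, so the check is either redundant or only moves the NullPointerException one line down. Fold the two conditions into one braced statement and keep the TODO above it: `if (auth.getGeneralConfiguration() != null && MiscUtil.isEmpty(alternativesourceid)) {`, `alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();`, `}`. The SAML1 source ID read in the first hunk now takes precedence over the general one, which matches the TODO, but that ordering is worth one sentence of Javadoc on the `alternativesourceid` field. The enclosing method starts and ends outside the hunks.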
@@ -895,27 +903,27 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 }
 }
- public boolean isSSOBusinessService() throws ConfigurationException {
-
- if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
- return true;
- else
- return false;
- }
+// public boolean isSSOBusinessService() throws ConfigurationException {
+//
+// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
+// return true;
+// else
+// return false;
+// }
- public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
+ public String getSSOTagetIdentifier() throws ConfigurationException {
 if (ssoconfig != null)
- return ssoconfig.getIdentificationNumber();
+ return ssoconfig.getTarget();
 else
 return null;
 }
- public String getSSOTarget() throws ConfigurationException {
- if (ssoconfig!= null)
- return ssoconfig.getTarget();
-
- return null;
- }
+// public String getSSOTarget() throws ConfigurationException {
+// if (ssoconfig!= null)
+// return ssoconfig.getTarget();
+//
+// return null;
+// }
 public String getSSOFriendlyName() {
 if (ssoconfig!= null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index f515ea6bd..7ecd7dde8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
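Review bot: The two replaced accessors are left behind as commented-out code instead of being deleted; their history is in version control, and the stale bodies will mislead the next reader about which accessor is current, so drop the `// public boolean isSSOBusinessService()` and `// public String getSSOTarget()` blocks. The surviving public method carries a typo in its name (`getSSOTagetIdentifier`, "Taget") that callers will now start depending on; rename it to `getSSOTargetIdentifier` while it still has a single call site. Its `null` return for a missing SSO section also needs documenting, since the caller in AuthenticationServer dereferences the result directly: `/** @return the configured SSO target identifier, or {@code null} if no SSO section is configured */`. The declared `throws ConfigurationException` is never thrown by the visible body and can go as well.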
@@ -58,11 +58,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
 import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
 import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
 import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1;
 import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
 import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
 import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
@@ -141,11 +143,7 @@ public class BuildFromLegacyConfig {
 //Load generic Config
 Map genericConfiguration = builder.buildGenericConfiguration();
 GeneralConfiguration authGeneral = new GeneralConfiguration();
-
- if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
- authGeneral.setAlternativeSourceID(
- (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
-
+
 if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
 authGeneral.setTrustManagerRevocationChecking(
 Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)));
@@ -179,6 +177,19 @@ public class BuildFromLegacyConfig {
 final List PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
 prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED);
+ //set SAML1 config
+ SAML1 saml1 = new SAML1();
+ saml1.setIsActive(true);
+ if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
+ saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID));
+ auth_protocols.setSAML1(saml1);
+
+ //set OAuth config
+ OAuth oauth = new OAuth();
+ oauth.setIsActive(true);
+ auth_protocols.setOAuth(oauth);
+
+ //set PVP2.1 config
 PVP2 prot_pvp2 = new PVP2();
 auth_protocols.setPVP2(prot_pvp2);
 prot_pvp2.setPublicURLPrefix("https://....");
@@ -188,7 +199,7 @@ public class BuildFromLegacyConfig {
 prot_pvp2.setOrganization(pvp2_org);
 pvp2_org.setDisplayName("OrganisationDisplayName");
 pvp2_org.setName("OrganisatioName");
- pvp2_org.setURL("http://www.egiz.gv.at");
+ pvp2_org.setURL("http://testorganisation.at");
 List pvp2_contacts = new ArrayList();
 prot_pvp2.setContact(pvp2_contacts);
@@ -357,7 +368,6 @@ public class BuildFromLegacyConfig {
 // oa_auth.setUseIFrame(false);
 // oa_auth.setUseUTC(oa.getUseUTC());
- //BKUURLs
 BKUURLS bkuurls = new BKUURLS();
 bkuurls.setOnlineBKU(oldbkuonline);
-- cgit v1.2.3
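Review bot: In the first hunk (`@@ -179,6 +177,19 @@`) the migrated OAuth block is switched on unconditionally with `oauth.setIsActive(true)`, although the legacy allow-list two context lines above, `PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x")`, does not contain OAuth, so converting an old configuration silently activates a protocol endpoint the operator never enabled. Unless the new configuration model requires the block to be present and active, initialise it disabled, `oauth.setIsActive(false);`, and leave enabling it to an explicit operator decision. `saml1.setIsActive(true)` is consistent with the legacy list and can stay. The enclosing method starts and ends outside the hunk.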