From ecf9de84e76dde785ced8c1632c7909d1d57f94a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 May 2018 14:36:39 +0200
Subject: add error handling and some more validation to SL2.0 module

---
 .../src/main/resources/resources/properties/id_messages_de.properties | 3 ++-
 .../resources/properties/protocol_response_statuscodes_de.properties  | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src/main/resources')

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9cc4b0b5e..84fd93773 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -344,4 +344,5 @@ sl20.03=Fehlende Konfiguration im SL2.0 Modul. Msg: {0}
 sl20.04=Http request enth\u00e4lt keinen SL2.0 Transportcontainer.
 sl20.05=Fehler beim Validieren eines JWS oder JWE Tokens. Reason: {0}.
 sl20.06=Http transport-binding error. Reason: {0} 
-
+sl20.07=Fehler beim Validieren der eID information. Type: {0} Reason: {1}
+sl20.08=SL2.0 Teilnehmer antwortet mit einem Fehler. Code: {0} Reason: {1}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 6de581cae..d77ea437b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -258,6 +258,10 @@ sl20.01=14000
 sl20.02=14001
 sl20.03=14800
 sl20.04=14001
+sl20.05=xxxxx
+sl20.06=xxxxx
+sl20.07=xxxxx
+sl20.08=xxxxx
 
 ##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
 mis.301=1005
-- 
cgit v1.2.3


From 709197ce12c5502f86e16da1167b97ca318f47fa Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 5 Jun 2018 10:44:40 +0200
Subject: implement user restriction based on whitelisting

---
 .../src/main/resources/moaid.authentication.beans.xml            | 9 ++++++++-
 .../resources/resources/properties/id_messages_de.properties     | 2 ++
 .../properties/protocol_response_statuscodes_de.properties       | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src/main/resources')

diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index ba8c47304..dc3022ab4 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -42,6 +42,9 @@
 	<bean id="MOAID_SSOManager" 
 				class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
 
+	<bean id="UserWhiteList_Store" 
+				class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/>
+
 	
 
 	<bean id="AuthenticationSessionStoreage" 
@@ -91,7 +94,11 @@
 				
 	<bean id="EvaluateSSOConsentsTaskImpl" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateSSOConsentsTaskImpl"
-				scope="prototype"/>		
+				scope="prototype"/>
+				
+	<bean id="UserRestrictionTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask"
+				scope="prototype"/>			
 				
 	<beans profile="advancedLogOn">
 		<bean id="StatisticLogger" 
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 84fd93773..799b32025 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -52,6 +52,7 @@ auth.31=Federated authentication FAILED. No information for AttributeQuery, mayb
 auth.32=Federated authentication FAILED. No configuration for IDP {0}
 auth.33=Federated authentication FAILED. Configuration of IDP {0} does not allow inbound messages. 
 auth.34=Federated authentication FAILED. Configuration of IDP {0} is marked as BusinessService-IDP, but Public-Service attributes are requested.
+auth.35=Der Anmeldevorgang wurde automatisiert abgebrochen, da der Benutzer nicht für dieses Onlineapplikation berechtigt ist. 
 
 init.00=MOA-ID-Auth wurde erfolgreich gestartet
 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -336,6 +337,7 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin
 process.01=Fehler beim Ausf\u00FChren des Prozesses.
 process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
 process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0}
+process.03=Fehler beim Ausf\u00FChren des Prozesses. Interner state ung\u00FCltig.
 
 sl20.00=Allgemeiner Fehler w\u00e4hrend SL2.0 Authentifizierung. Msg: {0}
 sl20.01=Fehler beim Generieren des SL2.0 Kommandos. Msg: {0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index d77ea437b..dae88889f 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -32,6 +32,7 @@ auth.31=4400
 auth.32=4401
 auth.33=4401
 auth.34=4401
+auth.35=1111
 
 init.00=9199
 init.01=9199
@@ -103,6 +104,7 @@ service.10=4500
 process.01=9104
 process.02=9104
 process.03=9105
+process.03=9104
  
 sp.pvp2.00=4501
 sp.pvp2.01=4501
-- 
cgit v1.2.3


From 55f71502a0b62624d5ebc0e4aa749b3f5d5a0bf2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jun 2018 13:33:59 +0200
Subject: Add operation identifier for signature validation step

---
 .../src/main/resources/resources/properties/id_messages_de.properties   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src/main/resources')

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 799b32025..49ef8220d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -154,7 +154,7 @@ validator.03=Der Namespace eines \u00F6ffentlicher Schl\u00FCssels ist ung\u00FC
 validator.04=Es wurde ein SAML\:Attribut ohne \u00F6ffentlichen Schl\u00FCssel gefunden {0}
 validator.05=Es wurde {0} keine DSIG:Signature gefunden
 
-validator.06=Die Signatur ist ung\u00FCltig
+validator.06=Die Signatur ist ung\u00FCltig. Operation: {0}
 validator.07=Das Zertifikat der Personenbindung ist ung\u00FCltig.<br>{0}
 validator.08=Das Manifest ist ung\u00FCltig
 validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
-- 
cgit v1.2.3