From deebaf058efe2203f0e6844de7cb6b09374cab7c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Oct 2014 13:03:52 +0200 Subject: add VIDP gateway process-flow to national infrastructure --- .../gv/egovernment/moa/id/moduls/SSOManager.java | 1 + .../id/protocols/stork2/AuthenticationRequest.java | 16 +++++---- .../moa/id/protocols/stork2/STORKProtocol.java | 38 +++++++++++++++++++--- .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 1 + 5 files changed, 47 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index ff294dc3d..68545e1c2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -100,6 +100,7 @@ public class SSOManager { if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + return; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 3bd827667..95597e0ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -22,7 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.stork2; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -38,6 +37,7 @@ import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -67,14 +67,11 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private IAuthData authData = null; private MOASTORKRequest moaStorkRequest = null; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - this.authData = authData; - if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) { this.moaStorkRequest = (MOASTORKRequest) req; @@ -111,7 +108,10 @@ public class AuthenticationRequest implements IAction { // } // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); + + //build STORK attributes from local authentication information + if (authData != null) + moaStorkResponse.setPersonalAttributeList(populateAttributes(authData, oaParam)); } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); @@ -390,6 +390,10 @@ public class AuthenticationRequest implements IAction { public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + //redirect to national PVP IDP infrastructure if special attributes are requested + if (MiscUtil.isEmpty(req.getRequestedIDP()) && req instanceof MOASTORKRequest) + return !STORKPVPUtilits.performAuthenticationOnNationalIDP((MOASTORKRequest) req); + // // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country // if (req instanceof MOASTORKRequest) { // MOASTORKRequest moastorkRequest = (MOASTORKRequest) req; @@ -444,7 +448,7 @@ public class AuthenticationRequest implements IAction { } - public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) { + public PersonalAttributeList populateAttributes(IAuthData authData, IOAAuthParameters oaParam) { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found " + attrLst.size() + " personal attributes in the request."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 440121417..57531992d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -23,11 +23,15 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; @@ -145,20 +149,23 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORKAuthnRequest authnRequest = null; STORKAttrQueryRequest attrRequest = null; - - + // check if valid authn request is contained try { authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } catch (ClassCastException e) { // we do not have a authnRequest // check if a valid attr request is container try { attrRequest = engine.validateSTORKAttrQueryRequest(decSamlToken); + } catch (STORKSAMLEngineException ex) { Logger.error("Unable to validate Stork AuthenticationRequest: " + ex.getMessage()); + } } @@ -176,11 +183,32 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { Logger.error("Exception, attributes: " + e.getMessage()); } - STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); - - + + //check if OA is instance of VIDP or STORKPVPGateway + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(STORK2Request.getOAURL()); + if (oaParam == null) + throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); + + else { + if (oaParam.isSTORKPVPGateway()) { + if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) { + Logger.info("Received request for STORK->PVP gateway. " + + "Forward to PVP portal with entiyID " + oaParam.getSTORKPVPForwardEntity() + + " ..." ); + STORK2Request.setRequestedIDP(oaParam.getSTORKPVPForwardEntity()); + + } else { + Logger.error("InterfederatedGateway configuration with ID " + STORK2Request.getOAURL() + + " not configure a forward entityID."); + throw new MOAIDException("", null); + + } + } + + } + return STORK2Request; } else { throw new MOAIDException("stork.14", null); // TODO Specify message diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 9bfa14a7c..361c6b5ee 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -72,7 +72,8 @@ config.17=Fehler beim initialisieren von Hibernate config.18=Keine MOA-ID 2.x Konfiguration gefunden. config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden. config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt -config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt. +config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt. +config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert. parser.00=Leichter Fehler beim Parsen: {0} parser.01=Fehler beim Parsen: {0} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 3f9cf2f1d..085625972 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -52,6 +52,7 @@ config.18=9199 config.19=9199 config.20=9199 config.21=9006 +config.22=9008 parser.00=1101 parser.01=1101 -- cgit v1.2.3