From 158d41705d0f8c67a858e84bda8d2c16377cf288 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Jul 2018 15:48:17 +0200 Subject: some bug fixes --- .../moa/id/advancedlogging/StatisticLogger.java | 80 ++++++++++++---------- .../id/auth/builder/AuthenticationDataBuilder.java | 10 +-- .../builder/CreateXMLSignatureRequestBuilder.java | 2 +- .../moa/id/auth/data/AuthenticationSession.java | 22 +++--- .../tasks/EvaluateSSOConsentsTaskImpl.java | 16 ++--- .../internal/tasks/UserRestrictionTask.java | 2 +- .../StartAuthentificationParameterParser.java | 8 +-- .../moa/id/moduls/AuthenticationManager.java | 11 ++- .../gv/egovernment/moa/id/moduls/SSOManager.java | 32 ++++++--- .../storage/DBAuthenticationSessionStoreage.java | 3 +- .../resources/properties/id_messages_de.properties | 6 +- .../protocol_response_statuscodes_de.properties | 2 + .../auth/data/AuthenticationDataBuilderTest.java | 2 +- 13 files changed, 110 insertions(+), 86 deletions(-) (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index e92c3377a..f642cddc7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java 
@@ -61,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.IMOAAuthData; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -142,12 +142,15 @@ public class StatisticLogger implements IStatisticLogger{ IMOAAuthData moaAuthData = (IMOAAuthData) authData; dblog.setOatarget(moaAuthData.getBPKType()); - boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; + boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; dblog.setInterfederatedSSOSession(isFederatedAuthentication); if (isFederatedAuthentication) { dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); - dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); + dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); + + } else if (moaAuthData.isForeigner()) { + dblog.setBkutype(IOAAuthParameters.EIDAS); } else { dblog.setBkuurl(moaAuthData.getBkuURL()); @@ -299,7 +302,8 @@ public class StatisticLogger implements IStatisticLogger{ } else { Logger.debug("Use MOA session information from pending-req for ErrorLogging"); - moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); + moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class); + } 
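Review bot: The new `else if (moaAuthData.isForeigner())` branch sets only `bkutype` to `IOAAuthParameters.EIDAS`, while both sibling branches also record where the authentication came from via `setBkuurl`, so the statistics row for an eIDAS login carries no source identifier at all. If the eIDAS node or citizen country is available on `moaAuthData`, record it there; if the omission is deliberate, say so with `// eIDAS: no BKU URL, origin is not recorded in the bkuurl column` so it is not mistaken for an oversight. Since `isFederatedAuthentication` is tested first, a foreign citizen arriving through an interfederated IDP is still counted as INDERFEDERATEDIDP, which looks intended. The enclosing method continues outside the hunk.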
@@ -393,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{ private String findBKUType(String bkuURL, IOAAuthParameters dbOA) { - if (dbOA != null) { - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU))) - return IOAAuthParameters.HANDYBKU; - - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU))) - return IOAAuthParameters.LOCALBKU; - - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU))) - return IOAAuthParameters.THIRDBKU; - } - - Logger.trace("Staticic Log search BKUType from DefaultBKUs"); - - try { - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU))) - return IOAAuthParameters.THIRDBKU; + if (bkuURL != null) { + if (dbOA != null) { + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; + + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; + + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU))) + return IOAAuthParameters.THIRDBKU; + } + + Logger.trace("Staticic Log search BKUType from DefaultBKUs"); - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + try { + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU))) + return IOAAuthParameters.THIRDBKU; + + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; + + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; + + } catch (ConfigurationException e) { + Logger.info("Advanced Logging: Default BKUs read failed"); + } + + Logger.debug("Staticic Log search BKUType from generneric Parameters"); + + if (bkuURL.endsWith(GENERIC_LOCALBKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); return IOAAuthParameters.LOCALBKU; + } - if 
(bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + if (bkuURL.startsWith(GENERIC_HANDYBKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); return IOAAuthParameters.HANDYBKU; - - } catch (ConfigurationException e) { - Logger.info("Advanced Logging: Default BKUs read failed"); - } - - Logger.debug("Staticic Log search BKUType from generneric Parameters"); - - if (bkuURL.endsWith(GENERIC_LOCALBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); - return IOAAuthParameters.LOCALBKU; + } } - if (bkuURL.startsWith(GENERIC_HANDYBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); - return IOAAuthParameters.HANDYBKU; - } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); return IOAAuthParameters.AUTHTYPE_OTHERS; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index a13455972..2c14af463 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
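Review bot: Wrapping the entire lookup in `if (bkuURL != null)` pushes every branch of findBKUType one indentation level deeper, when a guard clause at the top gives the same null-safety and leaves the original body untouched: `if (bkuURL == null) { Logger.debug("No BKU URL available, mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); return IOAAuthParameters.AUTHTYPE_OTHERS; }`. With that guard the final `Logger.debug("BKUURL " + bkuURL + " is mapped to " ...)` also stops printing `BKUURL null`. A one-line Javadoc stating that a null or unrecognised URL falls back to AUTHTYPE_OTHERS would help, since that fallback is the classification the statistics log ends up with for anything unexpected. This hunk begins on the preceding line.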
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { try { return buildAuthenticationData(pendingReq, - new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()), + pendingReq.getSessionData(AuthenticationSessionWrapper.class), pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class)); } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) { Logger.warn("Can not build authentication data from session information"); - throw new EAAFAuthenticationException("TODO", new Object[]{}, e); + throw new EAAFAuthenticationException("builder.11", new Object[]{}, e); } @@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder if (oaParam.isSTORKPVPGateway()) oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq); - Boolean isMinimalFrontChannelResp = pendingReq.getGenericData( + Boolean isMinimalFrontChannelResp = pendingReq.getRawData( MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class); if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) { //only set minimal response attributes authdata.setQAALevel( - pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class)); + pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class)); authdata.setBPK( - pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class)); + pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class)); } else { //build AuthenticationData from MOASession 
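Review bot: `pendingReq.getSessionData(AuthenticationSessionWrapper.class)` replaces a constructor call that could not yield null, but whether the accessor can return null for a pending request without session data is not visible here; if it can, the NullPointerException raised inside buildAuthenticationData is not covered by the `ConfigurationException | BuildException | ...` multi-catch and escapes unmapped instead of surfacing as `builder.11`. Either check the result before the call and throw `new EAAFAuthenticationException("builder.11", new Object[]{})` yourself, or document on the method that the accessor is guaranteed non-null. Replacing the placeholder `"TODO"` key with a real message key is the right fix for the user-visible error.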
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index a43e6a7fb..399ecc022 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { String sectorName = null; - String saml1Target = pendingReq.getGenericData( + String saml1Target = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); if (MiscUtil.isNotEmpty(saml1Target)) { target = saml1Target; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 926bfe242..cadaec2a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -45,6 +45,7 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import org.apache.commons.collections4.map.HashedMap; 
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi */ @Override public X509Certificate getSignerCertificate() { - try { - return new X509Certificate(signerCertificate); - } - catch (CertificateException e) { - Logger.warn("Signer certificate can not be loaded from session database!", e); - return null; + if (signerCertificate != null && signerCertificate.length > 0) { + try { + return new X509Certificate(signerCertificate); + } + catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + + } } + + return null; } /* (non-Javadoc) @@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi result.put(VALUE_SIGNER_CERT, getSignerCertificate()); result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse()); - result.putAll(genericSessionDataStorate); - + for (Entry el : genericSessionDataStorate.entrySet()) + result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); + return Collections.unmodifiableMap(result); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index b976cba9e..375b144d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java 
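Review bot: The loop in getKeyValueRepresentationFromAuthSession iterates a raw `Entry`, which hides the map's key and value types and lets `GENERIC_PREFIX + el.getKey()` string-convert whatever the key happens to be; declare it with the field's type parameters (presumably `Entry<String, Object>`, confirm against the declaration of genericSessionDataStorate) so the compiler checks the concatenation. Because the prefix changes the key set handed to every consumer (SSOManager and EvaluateSSOConsentsTaskImpl copy this map into the transaction), the method's Javadoc should state that generic session entries are exported under `GENERIC_PREFIX` and must be read back with that prefix. The null-guard in getSignerCertificate is correct, but it means `VALUE_SIGNER_CERT` can now map to null in the returned map; a comment at that `put`, `// may be null: no signer certificate stored in this session`, warns consumers.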
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //defaultTaskInitialization(request, executionContext); //check SSO session cookie and MOASession object - String ssoId = ssoManager.getSSOSessionID(request); - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - - //load MOA SSO-session from database - AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); - - if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) { + String ssoId = ssoManager.getSSOSessionID(request); + if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) { Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); throw new AuthenticationException("auth.30", null); @@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //user allow single sign-on authentication if (ssoConsents) { - + //load MOA SSO-session from database + AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + //Populate this pending request with SSO session information - pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; + pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; //authenticate pending-request pendingReq.setAuthenticated(true); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java index 7d9a2c28c..acaf21682 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java 
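Review bot: In the consent branch `ssoMOSSession` is dereferenced immediately after `getInternalSSOSession(...)` without a null check, and the former `ssoMOSSession.isAuthenticated()` test is gone, so the pending request is marked authenticated on the strength of the cookie check alone; if the session row disappeared between `isValidSSOSession` and this load this throws a NullPointerException, and if it exists but is not flagged authenticated, SSO is granted from an unauthenticated session. Re-add the guard right after the load: `if (ssoMOSSession == null || !ssoMOSSession.isAuthenticated()) throw new AuthenticationException("auth.30", null);`. Whether `isValidSSOSession` already verifies the authenticated flag, or the new `setAuthenticated(true)` in DBAuthenticationSessionStoreage makes the second case impossible, cannot be seen in this hunk, so a comment naming the invariant relied on is worthwhile either way. The stray `;;` after `setRawDataToTransaction(...)` should also go.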
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java @@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask { List restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST)); if (restrictedSPs.contains(spEntityId)) { Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... "); - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //check if user idl is already loaded if (moasession.getIdentityLink() == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 0e1e1bf12..ead80b117 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ resultTargetFriendlyName = targetFriendlyNameConfig; //set info's into request-context. (It's required to support SAML1 requested target parameters) - protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); - protocolReq.setGenericDataToSession( + protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); + protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName); } else { 
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - protocolReq.setGenericDataToSession( + protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, templateURL); @@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ oaURL = pendingReq.getSPEntityId(); //only needed for SAML1 - String target = pendingReq.getGenericData("saml1_target", String.class); + String target = pendingReq.getRawData("saml1_target", String.class); parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 6544766b2..77abe07af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -60,12 +60,9 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAID_AuthenticationManager") public class AuthenticationManager extends AbstractAuthenticationManager { - public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; - public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; - public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; - public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA"; - + public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @@ -167,13 +164,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager { //set interfederation authentication flag executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, MiscUtil.isNotEmpty( - pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class))); + pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class))); //set legacy mode or BKU-selection flags boolean leagacyMode = (legacyallowed && legacyparamavail); executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode); executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode - && MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class))); + && MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class))); //add additional http request parameter to context if (leagacyMode) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 97c4f40cd..b5005d0c9 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -23,6 +23,8 @@ package at.gv.egovernment.moa.id.moduls; import java.util.Date; +import java.util.Map; +import java.util.Map.Entry; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; @@ -73,9 +75,10 @@ public class SSOManager implements ISSOManager { private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec - public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL"; - public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE"; - public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID"; + public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; + public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; + public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; @Autowired private AuthConfiguration authConfig; 
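Review bot: The three DATAID_INTERFEDERATIOIDP_* constants keep their names but change value (for example `"INTERFEDERATIOIDP_URL"` becomes `"interIDPURL"`) while the same-named constants are removed from AuthenticationManager, so any code outside this diff still referencing `AuthenticationManager.DATAID_INTERFEDERATIOIDP_*` no longer compiles, and any transaction data persisted under the old SSOManager literals before the upgrade is no longer found. That is acceptable if pending requests do not survive a deployment, but it should be stated. A Javadoc on the constants, such as `/** Transaction-data keys for interfederation; these values must match the keys written by AuthenticationManager and read by StatisticLogger. */`, documents the contract this commit unifies; please also confirm no remaining writer uses the old literal values.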
@@ -166,8 +169,17 @@ public class SSOManager implements ISSOManager { Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID); - Logger.trace("Populatint pending request with SSO session information .... "); - pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession()); + Logger.trace("Populatint pending request with SSO session information .... "); + Map fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession(); + if (Logger.isTraceEnabled()) { + Logger.trace("Full SSO DataSet: "); + for (Entry el : fullSSOData.entrySet()) { + Logger.trace(" Key: " + el.getKey() + " Value: " + el.getValue()); + + } + + } + pendingReq.setRawDataToTransaction(fullSSOData); pendingReq.setAuthenticated(true); } @@ -301,7 +313,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); String interfederationIDP = - protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isNotEmpty(interfederationIDP)) { Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP); return; 
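Review bot: The new trace block logs every entry of the SSO data set with `" Key: " + el.getKey() + " Value: " + el.getValue()`; per AuthenticationSession.getKeyValueRepresentationFromAuthSession that map carries the identity link, the signer certificate, the verify-signature response and the whole generic session store, so enabling TRACE on this class writes the citizen's identity data into the log file. Log only the keys, `Logger.trace(" Key: " + el.getKey());`, or at most a type summary of the value (`el.getValue() == null ? "null" : el.getValue().getClass().getSimpleName()`), keeping the `isTraceEnabled()` guard. A comment `// never log values here: the map contains identity data` keeps the constraint from being undone in the next debugging session. The enclosing method continues beyond this hunk.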
@@ -313,14 +325,14 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf RequestImpl moaReq = (RequestImpl) protocolRequest; if (MiscUtil.isNotEmpty(interIDP)) { Logger.info("Receive SSO request for interfederation IDP " + interIDP); - moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP); + moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP); } else { //check if IDP cookie is set String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); - moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie); + moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } @@ -367,7 +379,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf //in case of federated SSO session, jump to federated IDP for authentication String interfederationIDP = - protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(interfederationIDP)) { InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); @@ -375,7 +387,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf if (selectedIDP != null) { //no local SSO session exist -> request interfederated IDP Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix()); - protocolRequest.setGenericDataToSession( + protocolRequest.setRawDataToTransaction( DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); } else { 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 0f75cf63b..405e44112 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -95,7 +95,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8")); AuthenticationSession session = new AuthenticationSession(id, now, - new AuthenticationSessionWrapper(target.genericFullDataStorage())); + (IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class)); encryptSession(session, dbsession); //store AssertionStore element to Database @@ -341,6 +341,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setSSOSession(true); dbsession.setSSOsessionid(externalSSOSessionID); + dbsession.setAuthenticated(true); //Store MOASession entityManager.merge(dbsession); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 7d6730925..66b9be341 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties 
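Review bot: `dbsession.setAuthenticated(true)` is applied unconditionally when a session is marked as an SSO session, and this same commit drops the explicit `isAuthenticated()` check in EvaluateSSOConsentsTaskImpl, so the SSO path now depends on this flag being truthful; if this method can be reached before the authentication process has completed, the flag asserts a login that did not happen. If it is only ever called after a successful login, record that: `// reached only after successful authentication: an SSO session is by definition an authenticated session`; otherwise derive the flag from the request state (e.g. `dbsession.setAuthenticated(pendingReq.isAuthenticated())`, if the pending request is in scope here). In the first hunk the `(IAuthenticationSession)` cast is redundant if AuthenticationSessionWrapper implements that interface, and a null result from `getSessionData(...)` now fails inside the AuthenticationSession constructor rather than at this call site, which argues for a null check before constructing it. Both enclosing methods extend outside the hunks.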
@@ -114,6 +114,7 @@ builder.07=Fehlerhaftes SecurityLayer Template. builder.08=Authentication process could NOT completed. Reason: {0} builder.09=Can not build GUI component. Reason: {0} builder.10=Can not create or update SSO session. SSO NOT POSSIBLE +builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint @@ -310,8 +311,8 @@ pvp2.25=Fehler beim Validieren der PVP2 Metadaten ##add status codes!!!! sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found. -sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication. -sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata. +sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication. +sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata. sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding. sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found. sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}. @@ -322,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included. sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED. sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1} +sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error. oauth20.01=Fehlerhafte redirect url oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}" diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 5d7588dd5..b878eadf3 100644 
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -92,6 +92,7 @@ builder.07=9002 builder.08=1008 builder.09=9103 builder.10=1009 +builder.11=9102 service.00=4300 service.03=4300 @@ -122,6 +123,7 @@ sp.pvp2.09=4503 sp.pvp2.10=4502 sp.pvp2.11=4502 sp.pvp2.12=4502 +sp.pvp2.13=4501 validator.00=1102 validator.01=1102 diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 16cdc9c12..1ea057186 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -43,7 +43,7 @@ public class AuthenticationDataBuilderTest { IAuthenticationSession session = new DummyAuthSession(); session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink()); - pendingReq.setGenericDataToSession(session.getKeyValueRepresentationFromAuthSession()); + pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession()); IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); -- cgit v1.2.3