From 3974cdadf7e40ce7fd6b2bc7e067dc77ab51ee0b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 20 Mar 2014 15:54:11 +0100
Subject: add SAML1 sourceID received from StartAuthentication request

---
 .../moa/id/protocols/saml1/GetArtifactAction.java            |  9 ++++++++-
 .../moa/id/protocols/saml1/SAML1AuthenticationServer.java    |  4 ++--
 .../gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java | 12 +++++++++++-
 3 files changed, 21 insertions(+), 4 deletions(-)

(limited to 'id/server/idserverlib')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index c22f6d25f..c337433b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -52,6 +52,13 @@ public class GetArtifactAction implements IAction {
 		String oaURL = (String) req.getOAURL();
 		String target = (String) req.getTarget();
 		
+		String sourceID = null;
+		if (req instanceof SAML1RequestImpl) {
+			SAML1RequestImpl saml1req = (SAML1RequestImpl) req;
+			sourceID = saml1req.getSourceID();
+			
+		}
+		
 		try {
 		
 			
@@ -84,7 +91,7 @@ public class GetArtifactAction implements IAction {
 				Logger.info("MOA assertion assembled and SAML Artifact generated.");
 			}
 			
-			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData);
+			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID);
 			
 			if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) {
 				String url = "RedirectServlet";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 7c91026bf..6391860ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -165,7 +165,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 	
 	public String BuildSAMLArtifact(AuthenticationSession session, 
 			OAAuthParameter oaParam, 
-			AuthenticationData authData) 
+			AuthenticationData authData, String sourceID) 
 					throws ConfigurationException, BuildException, AuthenticationException {
 		
 		//Load SAML1 Parameter from OA config
@@ -326,7 +326,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 			String samlArtifact = new SAMLArtifactBuilder().build(
 			session.getAuthURL(), Random.nextRandom(),
-			saml1parameter.getSourceID());
+			sourceID);
 			
 			storeAuthenticationData(samlArtifact, authData);
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index ada0bfa8f..b6a2ac0b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -82,7 +82,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 
 	public IRequest preProcess(HttpServletRequest request,
 			HttpServletResponse response, String action) throws MOAIDException {
-		RequestImpl config = new RequestImpl();
+		SAML1RequestImpl config = new SAML1RequestImpl();
 		
 		if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) {
 			Logger.info("SAML1 is deaktivated!");
@@ -96,6 +96,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 		String target = (String) request.getParameter(PARAM_TARGET);
 		target = StringEscapeUtils.escapeHtml(target);
 		
+		String sourceID = request.getParameter(PARAM_SOURCEID);
+		sourceID = StringEscapeUtils.escapeHtml(sourceID);
+		
 		//the target parameter is used to define the OA in SAML1 standard
 		if (target != null && target.startsWith("http")) {
 			oaURL = target;
@@ -112,10 +115,15 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 		if (!ParamValidatorUtils.isValidOA(oaURL))
 			throw new WrongParametersException("StartAuthentication", PARAM_OA,
 					"auth.12");
+	
 		config.setOAURL(oaURL);
 		
 		Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
 		
+	    if (!ParamValidatorUtils.isValidSourceID(sourceID))
+            throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+		
+		
 		//load Target only from OA config
 		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
 				.getOnlineApplicationParameter(oaURL);
@@ -131,6 +139,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 					new Object[] { oaURL });
 		}
 		
+		config.setSourceID(sourceID);
+		
 		config.setTarget(oaParam.getTarget());
 		
 //		request.getSession().setAttribute(PARAM_OA, oaURL);
-- 
cgit v1.2.3