From ac531e30d13d6714e2ac61f7329e6adc130aa288 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 May 2019 12:23:41 +0200 Subject: untested switch to EAAF-components 1.0.7 --- id/server/idserverlib/pom.xml | 5 +- .../id/auth/builder/AuthenticationDataBuilder.java | 22 +++++-- .../moa/id/auth/data/AuthenticationSession.java | 12 ++++ .../id/auth/data/VerifyXMLSignatureResponse.java | 1 - .../tasks/EvaluateSSOConsentsTaskImpl.java | 2 +- .../tasks/GenerateBKUSelectionFrameTask.java | 2 +- .../GenerateSSOConsentEvaluatorFrameTask.java | 2 +- .../parser/VerifyXMLSignatureResponseParser.java | 2 +- .../id/auth/servlet/GUILayoutBuilderServlet.java | 10 ++-- .../GeneralProcessEngineSignalController.java | 3 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 30 +++++----- .../moa/id/auth/servlet/RedirectServlet.java | 12 ++-- .../attributes/SimpleStringAttributeGenerator.java | 68 ---------------------- .../pvp2x/builder/SingleLogOutBuilder.java | 18 +++--- .../main/resources/moaid.authentication.beans.xml | 29 ++------- .../moa/id/config/auth/data/DummyAuthConfig.java | 12 ---- .../moa/id/config/auth/data/DummyAuthSession.java | 10 ++++ .../moa/id/config/auth/data/DummyAuthStorage.java | 2 +- .../src/test/java/test/tlenz/simpletest.java | 6 +- 19 files changed, 94 insertions(+), 154 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 4d8843ead..1fd6b3695 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -74,7 +74,6 @@ at.gv.egiz.components egiz-spring-api - 0.1 @@ -244,6 +243,10 @@ commons-discovery commons-discovery --> + + org.apache.commons + commons-text + commons-fileupload commons-fileupload diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index acf59cebf..25a508687 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.XPathException; @@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; @@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException { try { return buildAuthenticationData(pendingReq, pendingReq.getSessionData(AuthenticationSessionWrapper.class), @@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } - } private IAuthData buildAuthenticationData(IRequest pendingReq, @@ -216,7 +216,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { try { //generate basic authentication data - generateBasicAuthData(authData, protocolRequest, session); + generateDeprecatedBasicAuthData(authData, protocolRequest, session); //set Austrian eID demo-mode flag authData.setIseIDNewDemoMode(Boolean.parseBoolean( @@ -926,4 +926,18 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } } + + @Override + protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index cadaec2a0..8b587c550 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -674,5 +674,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); return Collections.unmodifiableMap(result); + } + + @Override + public boolean isEIDProcess() { + return false; + + } + + @Override + public void setEIDProcess(boolean value) { + Logger.warn("set E-ID process will be ignored!!!"); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index c054976ec..636871a09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -261,7 +261,6 @@ public Date getSigningDateTime() { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date) */ -@Override public void setSigningDateTime(Date signingDateTime) { this.signingDateTime = signingDateTime; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 375b144d7..4fefaf17b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -112,7 +112,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { requestStoreage.storePendingRequest(pendingReq); //redirect to auth. protocol finalization - performRedirectToProtocolFinialization(pendingReq, response); + performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 98e632bd8..cc070f8fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -73,7 +73,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); - guiBuilder.build(response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "BKU-Selection form"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 3c364e924..64c3721df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -71,7 +71,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); - guiBuilder.build(response, config, "SendAssertion-Evaluation"); + guiBuilder.build(request, response, config, "SendAssertion-Evaluation"); //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index c66353846..32660a3db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -176,7 +176,7 @@ public class VerifyXMLSignatureResponseParser { public IVerifiyXMLSignatureResponse parseData() throws ParseException { - IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 18aa93cc9..6803264dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -59,7 +59,7 @@ public class GUILayoutBuilderServlet extends AbstractController { @Autowired AuthConfiguration authConfig; @Autowired IRequestStorage requestStoreage; - @Autowired IGUIFormBuilder formBuilder; + @Autowired IGUIFormBuilder formBuilder; public GUILayoutBuilderServlet() { super(); @@ -93,7 +93,7 @@ public class GUILayoutBuilderServlet extends AbstractController { } //build GUI component - formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); + formBuilder.build(req, resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); } catch (Exception e) { @@ -124,7 +124,7 @@ public class GUILayoutBuilderServlet extends AbstractController { null); //build GUI component - formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); + formBuilder.build(req, resp, config, "text/css; charset=UTF-8", "CSS-Form"); } catch (Exception e) { Logger.warn("GUI ressource:'CSS' generation FAILED.", e); @@ -153,7 +153,7 @@ public class GUILayoutBuilderServlet extends AbstractController { GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component - formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); + formBuilder.build(req, resp, config, "text/javascript; charset=UTF-8", "JavaScript"); } catch (Exception e) { Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e); @@ -168,7 +168,7 @@ public class GUILayoutBuilderServlet extends AbstractController { req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); if (MiscUtil.isNotEmpty(pendingReqID)) { - IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); if (pendingReq != null) { Logger.trace("GUI-Layout builder: Pending-request:" + pendingReqID + " found -> Build specific template"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index 87325989a..09b18d9c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** @@ -50,7 +51,7 @@ public class GeneralProcessEngineSignalController extends AbstractProcessEngineS "/signalProcess" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index c39d78d8b..b7970e4fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -37,7 +37,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; @@ -72,11 +74,13 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired IAuthenticationManager authManager; @Autowired IAuthenticationSessionStoreage authenicationStorage; @Autowired SingleLogOutBuilder sloBuilder; + @Autowired IProtocolAuthenticationService protAuthService; + @Autowired(required=true) private IGUIFormBuilder guiBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException, EAAFException { Logger.debug("Receive IDP-initiated SingleLogOut"); String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -117,21 +121,21 @@ public class IDPSingleLogOutServlet extends AbstractController { null); if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (EAAFException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -154,7 +158,7 @@ public class IDPSingleLogOutServlet extends AbstractController { } } catch (Exception e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -166,7 +170,7 @@ public class IDPSingleLogOutServlet extends AbstractController { SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); if (sloContainer == null) { Logger.info("No Single LogOut processing information with ID: " + restartProcess); - handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); + protAuthService.handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); return; } @@ -233,10 +237,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); @@ -251,10 +255,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 478462adb..abb19c6cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -122,9 +122,9 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service @@ -153,10 +153,10 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java deleted file mode 100644 index 5daa71b1f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/SimpleStringAttributeGenerator.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.builder.attributes; - -import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; - -/** - * @author tlenz - * - */ -public class SimpleStringAttributeGenerator implements IAttributeGenerator { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildStringAttribute(java.lang.String, java.lang.String, java.lang.String) - */ - @Override - public String buildStringAttribute(String friendlyName, String name, String value) { - return value; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) - */ - @Override - public String buildIntegerAttribute(String friendlyName, String name, int value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildLongAttribute(java.lang.String, java.lang.String, long) - */ - @Override - public String buildLongAttribute(String friendlyName, String name, long value) { - return String.valueOf(value); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildEmptyAttribute(java.lang.String, java.lang.String) - */ - @Override - public String buildEmptyAttribute(String friendlyName, String name) { - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 8229fb405..19b79d165 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -223,11 +223,11 @@ public class SingleLogOutBuilder { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); - config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); - config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); + config.putCustomParameterWithOutEscaption(null, "redirectURLs", sloReqList); + config.putCustomParameterWithOutEscaption(null, "timeoutURL", timeOutURL); + config.putCustomParameter(null, "timeout", String.valueOf(SLOTIMEOUT)); - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } else { @@ -249,16 +249,16 @@ public class SingleLogOutBuilder { if (sloContainer.getSloFailedOAs() == null || sloContainer.getSloFailedOAs().size() == 0) { revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); } else { revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); } - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } @@ -285,11 +285,11 @@ public class SingleLogOutBuilder { null); revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); try { - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); + guiBuilder.build(httpReq, httpResp, config, "Single-LogOut GUI"); } catch (GUIBuildException e1) { Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 02c683305..794b62477 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -21,36 +21,15 @@ - - - - - - - - - - - - - - - - - - - - - + + + diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java index c0ae06a82..75f704045 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -432,24 +432,12 @@ public class DummyAuthConfig implements AuthConfiguration { return false; } - @Override - public URI getConfigurationFilePath() { - // TODO Auto-generated method stub - return null; - } - @Override public URI getConfigurationRootDirectory() { // TODO Auto-generated method stub return null; } - @Override - public Properties getFullConfigurationProperties() { - // TODO Auto-generated method stub - return null; - } - @Override public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { // TODO Auto-generated method stub diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java index ad68e089e..2d033d858 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java @@ -292,5 +292,15 @@ public class DummyAuthSession implements IAuthenticationSession, AuthProzessData } + @Override + public boolean isEIDProcess() { + return false; + } + + @Override + public void setEIDProcess(boolean value) { + + } + } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java index 846819868..d774cc8c3 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java @@ -20,7 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; public class DummyAuthStorage implements IAuthenticationSessionStoreage { - + @Override public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { // TODO Auto-generated method stub diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java index caf672d05..049c2324e 100644 --- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java +++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java @@ -1,6 +1,5 @@ package test.tlenz; -import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; @@ -27,8 +26,6 @@ import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; import iaik.asn1.ASN1; -import iaik.asn1.ASN1Object; -import iaik.utils.ASN1InputStream; /******************************************************************************* * Copyright 2014 Federal Chancellery Austria @@ -76,7 +73,8 @@ public class simpletest { try { try { - String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000"; + //String test = "3082065406092A864886F70D010702A082064530820641020101310B300906052B240302010500300B06092A864886F70D010701A08204B3308204AF30820397A00302010202030E6CBE300D06092A864886F70D0101050500308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D3032301E170D3133303431303130343633335A170D3138303431303038343633335A305E310B30090603550406130241543116301406035504030C0D41726D696E20466973636865723110300E06035504040C0746697363686572310E300C060355042A0C0541726D696E311530130603550405130C3933373131343838363833343059301306072A8648CE3D020106082A8648CE3D03010703420004BF7ADE98B7CD89A0559F2BA9463454E08DBE3516A86BB7B8F4FDBB42FF24A03991AF5BD63D72197F63AB03C88260C31E4A9C17DB5E8681FCAE1D7CF90EB1ACD1A38202053082020130110603551D0E040A0408433A176E9B70B5CD300E0603551D0F0101FF0404030206C030130603551D23040C300A80084DDFE1FF4BD9C9DF301E0603551D1104173015811361726D696E40666973636865722E6F722E617430090603551D1304023000307B06082B06010505070101046F306D304206082B060105050730028636687474703A2F2F7777772E612D74727573742E61742F63657274732F612D7369676E2D5072656D69756D2D5369672D3032612E637274302706082B06010505073001861B687474703A2F2F6F6373702E612D74727573742E61742F6F63737030590603551D2004523050304406062A280011010B303A303806082B06010505070201162C687474703A2F2F7777772E612D74727573742E61742F646F63732F63702F612D7369676E2D5072656D69756D3008060604008B300101302706082B060105050701030101FF041830163008060604008E460101300A06082B06010505070B0130819A0603551D1F04819230818F30818CA08189A081868681836C6461703A2F2F6C6461702E612D74727573742E61742F6F753D612D7369676E2D5072656D69756D2D5369672D30322C6F3D412D54727573742C633D41543F63657274696669636174657265766F636174696F6E6C6973743F626173653F6F626A656374636C6173733D65696443657274696669636174696F6E417574686F72697479300D06092A864886F70D01010505000382010100352830958A68A260CFEFB1DA157C1452E22735A2BBC40F51A19D22481766537630C8E0C99CCE50F614E437ABFF943C7D6A69CCB0F79ED6A9B5356182DFBA095F3534671073D586F70B002CEF846E6D4447031AFBFE5D727D2A893688294D494C37454C187F15611EFDFA84D64D0C9D4E3EC9FF8A126A842EDB70D1F9AD497A1A11CC1363AAFD76D7412F21248B855363D3AB771C538D5610BC7F0FCEA359F33F5FA6A228E0539C16AF12A1B2DE608719CBE39C41AFE5BD0CDDC781F00C6A86B21BA252DD23DAEBB3B91CADE8278B330945CA11D4A77188197E744BA9B5288E9D4A4C7502D706D7CEA569D258E116E6ACE42F4C24449803076C30A7BABE26CAE7318201693082016502010130819F308197310B300906035504061302415431483046060355040A0C3F412D5472757374204765732E20662E20536963686572686569747373797374656D6520696D20656C656B74722E20446174656E7665726B65687220476D6248311E301C060355040B0C15612D7369676E2D5072656D69756D2D5369672D3032311E301C06035504030C15612D7369676E2D5072656D69756D2D5369672D303202030E6CBE300906052B240302010500A05F301806092A864886F70D010903310B06092A864886F70D010701301E06092A864886F70D0109053111180F32303137303631393130303130305A302306092A864886F70D010904311604149D0A3FDC7F8CED863952B468C927AC87CE227B68300E060A04007F0007010104010605000440002B459189C71E69CC13E111ED1F493D89681E0A815CCEA297AC3D76A48A75E7D11081F08D7A0FAA4210205D2B8A0A7A83E0F5211AD51BDE2581D4C4E400C06AA1000000000000000000000"; + String test = "308006092a864886f70d010702a0803080020101310f300d06096086480165030402010500308006092a864886f70d0107010000a08204953082049130820379a0030201020203133594300d06092a864886f70d0101050500308197310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d6248311e301c060355040b0c15612d7369676e2d5072656d69756d2d5369672d3032311e301c06035504030c15612d7369676e2d5072656d69756d2d5369672d3032301e170d3134303530323039303734395a170d3139303530323039303734395a3060310b30090603550406130241543117301506035504030c0e4d6178204d75737465726d616e6e3113301106035504040c0a4d75737465726d616e6e310c300a060355042a0c034d6178311530130603550405130c3237333736313333323837363059301306072a8648ce3d020106082a8648ce3d03010703420004f7be38b8b730fd5ab3b62a54de3ca256f0f81c0b99116affce3326258448a23a1406207d6e9a8b217fee06466d43d7bed6cbf27c4e3049600576b66f8836a5f3a38201e5308201e130110603551d0e040a04084daa6d7cb1103d48300e0603551d0f0101ff0404030206c030130603551d23040c300a80084ddfe1ff4bd9c9df30090603551d1304023000307b06082b06010505070101046f306d304206082b060105050730028636687474703a2f2f7777772e612d74727573742e61742f63657274732f612d7369676e2d5072656d69756d2d5369672d3032612e637274302706082b06010505073001861b687474703a2f2f6f6373702e612d74727573742e61742f6f63737030590603551d2004523050304406062a280011010b303a303806082b06010505070201162c687474703a2f2f7777772e612d74727573742e61742f646f63732f63702f612d7369676e2d5072656d69756d3008060604008b300101302706082b060105050701030101ff041830163008060604008e460101300a06082b06010505070b0130819a0603551d1f04819230818f30818ca08189a081868681836c6461703a2f2f6c6461702e612d74727573742e61742f6f753d612d7369676e2d5072656d69756d2d5369672d30322c6f3d412d54727573742c633d41543f63657274696669636174657265766f636174696f6e6c6973743f626173653f6f626a656374636c6173733d65696443657274696669636174696f6e417574686f72697479300d06092a864886f70d01010505000382010100cd7da6254ccf3aec8479bddc2539ceb9ef591a1b51d8757bb6851d2974c909ada603ec18cf96da6a829ca71a6e55d84855f4d7e34776dc1b709c551e466069d6f3e1b805491ef86a9ac3e95ad871d3d382eab50e9268ea0b7312e40304d8215c6c42e5a101a73f839f47aa55ef47642c471d9e1852c6a67c5b0b6aab13d0e7340c0fdfc284a90ee1460baf17cab1d1eecfb513704fdd2460e65dd56fb644e19cc0a80883f31da1d4872809797964e6dc3bd6e09beb45ebc39abcb9356f564f24e2b01fdd9aa6b5353c8ee37f6938fc4b7de1480b4889c9a9b16d16a161db060fb0aa3681175209b7e48b9892c6de847eb76c5122f0543e637b7bc259a8507b883182010d3082010902010130819f308197310b300906035504061302415431483046060355040a0c3f412d5472757374204765732e20662e20536963686572686569747373797374656d6520696d20656c656b74722e20446174656e7665726b65687220476d6248311e301c060355040b0c15612d7369676e2d5072656d69756d2d5369672d3032311e301c06035504030c15612d7369676e2d5072656d69756d2d5369672d30320203133594300d06096086480165030402010500300b06072a8648ce3d0201050004463044022079c3a32116fba799d77df0458e88f1d3370251382030f8d54f136afbe6635c39022072dc7bc7411a96b47717817f9c851954f6b511a30e47944221acc985bab6502b00000000000000000"; byte[] bytes = new byte[test.length()/2]; for (int i=0; i Date: Wed, 29 May 2019 14:04:44 +0200 Subject: refactoring from MOA-ID 3.4.x to MOA E-ID Proxy 4.0.x --- .../config/ConfigurationProvider.java | 5 + .../id/configuration/data/GeneralMOAIDConfig.java | 320 ++++++----- .../data/oa/OAAuthenticationData.java | 63 ++- .../configuration/struts/action/BasicAction.java | 17 + .../configuration/struts/action/BasicOAAction.java | 6 +- .../struts/action/EditGeneralConfigAction.java | 598 +++++++++++---------- .../configuration/struts/action/EditOAAction.java | 42 +- .../struts/action/InterfederationIDPAction.java | 7 +- .../validation/moaconfig/MOAConfigValidator.java | 421 ++++++++------- .../oa/OAAuthenticationDataValidation.java | 8 + .../resources/applicationResources_de.properties | 9 +- .../resources/applicationResources_en.properties | 9 +- .../src/main/webapp/jsp/editMOAConfig.jsp | 524 +++++++++--------- .../src/main/webapp/jsp/editOAGeneral.jsp | 55 +- .../main/webapp/jsp/snippets/OA/authentication.jsp | 24 +- .../webapp/jsp/snippets/OA/targetConfiguration.jsp | 40 +- .../src/main/webapp/jsp/snippets/main_menu.jsp | 12 +- .../task/impl/GeneralMOAIDConfigurationTask.java | 87 +-- .../ServicesAuthenticationInformationTask.java | 19 +- id/server/auth-final/pom.xml | 4 + id/server/idserverlib/pom.xml | 19 +- .../id/advancedlogging/MOAIDEventConstants.java | 6 + .../moa/id/auth/MOAIDAuthInitializer.java | 2 +- .../id/auth/builder/AuthenticationDataBuilder.java | 2 +- .../id/auth/modules/BKUSelectionModuleImpl.java | 9 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 21 +- .../PropertyBasedAuthConfigurationProvider.java | 7 +- .../gv/egovernment/moa/id/data/IMOAAuthData.java | 5 +- .../moa/id/data/MOAAuthenticationData.java | 20 +- .../moa/id/moduls/AuthenticationManager.java | 16 +- .../pvp2x/metadata/MOAMetadataProvider.java | 6 +- .../pvp2x/signer/IDPCredentialProvider.java | 3 +- .../protocols/pvp2x/utils/MOASAMLSOAPClient.java | 4 +- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 4 +- ....egiz.eaaf.core.api.idp.auth.modules.AuthModule | 1 - .../main/resources/moaid.authentication.beans.xml | 26 + .../resources/properties/id_messages_de.properties | 2 + .../moa/id/config/auth/data/DummyAuthConfig.java | 12 +- .../config/ConfigurationMigrationUtils.java | 19 +- .../config/MOAIDConfigurationConstants.java | 7 +- .../dao/config/deprecated/MOAIDConfiguration.java | 14 + .../dao/config/deprecated/OnlineApplication.java | 14 +- ...roviderSpecificGUIFormBuilderConfiguration.java | 6 + .../DefaultGUIFormBuilderConfiguration.java | 5 + .../id/util/client/mis/simple/MISSimpleClient.java | 2 +- .../EidasCentralAuthMetadataController.java | 2 +- .../utils/EidasCentralAuthMetadataProvider.java | 4 +- .../modules/moa-id-module-E-ID_connector/pom.xml | 70 +++ .../eidproxyauth/EIDProxyAuthConstants.java | 118 ++++ .../eidproxyauth/EIDProxyAuthModuleImpl.java | 71 +++ .../EIDProxyAuthSpringResourceProvider.java | 63 +++ .../config/EIDAuthMetadataConfiguration.java | 355 ++++++++++++ .../config/EIDAuthRequestBuilderConfiguration.java | 271 ++++++++++ .../controller/EIDAuthMetadataController.java | 133 +++++ .../controller/EIDAuthSignalController.java | 68 +++ .../eidproxyauth/tasks/CreateAuthnRequestTask.java | 146 +++++ .../tasks/ReceiveAuthnResponseTask.java | 286 ++++++++++ .../utils/EIDAuthCredentialProvider.java | 124 +++++ .../utils/EIDAuthMetadataProvider.java | 347 ++++++++++++ .../id/auth/modules/eidproxyauth/utils/Utils.java | 45 ++ .../main/resources/EID_connector_auth.process.xml | 17 + ...iz.components.spring.api.SpringResourceProvider | 1 + .../main/resources/moaid_EID_connector.beans.xml | 43 ++ .../engine/MOAeIDASChainingMetadataProvider.java | 6 +- .../ReceiveConsentForAddtionalAttributesTask.java | 2 +- .../utils/ELGAMandateServiceMetadataProvider.java | 4 +- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 6 +- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 6 +- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 2 +- .../sl20_auth/dummydata/DummyAuthConfig.java | 21 +- .../data/SSOTransferAuthenticationData.java | 13 + .../protocols/saml1/SAML1AuthenticationServer.java | 40 ++ id/server/modules/module-monitoring/pom.xml | 6 +- id/server/modules/pom.xml | 3 +- pom.xml | 27 +- 75 files changed, 3723 insertions(+), 1079 deletions(-) create mode 100644 id/server/modules/moa-id-module-E-ID_connector/pom.xml create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml (limited to 'id/server/idserverlib') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 39cd0980b..656c9cc83 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -326,6 +326,11 @@ public class ConfigurationProvider { return configRootDir; } + public boolean isMOAIDMode() { + String result = props.getProperty("general.moaidmode.active", "false"); + return Boolean.parseBoolean(result); + } + public String getMOAIDInstanceURL() { return props.getProperty("general.moaid.instance.url"); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index dc6e840d7..11fbccc0a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -55,6 +55,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; @@ -88,6 +89,7 @@ public class GeneralMOAIDConfig { private String mandateURL = null; private String szrgwURL = null; private String elgaMandateServiceURL = null; + private String eidSystemServiceURL = null; private boolean protocolActiveSAML1 = false; private boolean protocolActivePVP21 = true; @@ -131,7 +133,16 @@ public class GeneralMOAIDConfig { private String publicURLPrefix = null; private boolean virtualPublicURLPrefixEnabled = false; + private boolean moaidMode = false; + public GeneralMOAIDConfig() { + try { + this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + e.printStackTrace(); + + } + chainigmodelist = new HashMap(); ChainingModeType[] values = ChainingModeType.values(); for (int i=0; i list = authblock.getVerifyTransformsInfoProfileID(); - if (list.size() == 1) - moaspssAuthTransformations += list.get(0); - else { - for (String el : list) - moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; + + //deactive STORK + if (isMoaidMode()) { + ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign != null) { + ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); + if (connect_foreign != null) { + if (MiscUtil.isNotEmpty(connect_foreign.getURL())) { + if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) + szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL()); + + else { + if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + szrgwURL = connect_foreign.getURL().substring(0, + connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + szrgwURL = connect_foreign.getURL(); + + } + + } + } + + STORK stork = foreign.getSTORK(); + if (stork != null) { + //TODO: add Stork config + + } } } - VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); - if (idl != null) { - moaspssIdlTrustProfile = idl.getTrustProfileID(); - moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); - } } - - OnlineMandates mandates = auth.getOnlineMandates(); - if (mandates != null) { - ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); - if (con != null) { - if (MiscUtil.isNotEmpty(con.getURL())) { - if (KeyValueUtils.isCSVValueString(con.getURL())) - mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + + if (isMoaidMode()) { + MOASP moaspss = auth.getMOASP(); + if (moaspss != null) { + ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); + if (con != null) + moaspssURL = con.getURL(); + + VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); + if (authblock != null) { + moaspssAuthTrustProfile = authblock.getTrustProfileID(); + moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID(); + List list = authblock.getVerifyTransformsInfoProfileID(); + if (list.size() == 1) + moaspssAuthTransformations += list.get(0); else { - if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - mandateURL = con.getURL().substring(0, - con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - mandateURL = con.getURL(); - + for (String el : list) + moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; } + } + VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); + if (idl != null) { + moaspssIdlTrustProfile = idl.getTrustProfileID(); + moaspssIdlTrustProfileTest = idl.getTestTrustProfileID(); + } + } + + OnlineMandates mandates = auth.getOnlineMandates(); + if (mandates != null) { + ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); + if (con != null) { + if (MiscUtil.isNotEmpty(con.getURL())) { + if (KeyValueUtils.isCSVValueString(con.getURL())) + mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL()); + + else { + if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + mandateURL = con.getURL().substring(0, + con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + mandateURL = con.getURL(); + + } + + } + } - } } @@ -330,9 +364,12 @@ public class GeneralMOAIDConfig { } - OAuth oauth = protocols.getOAuth(); - if (oauth != null) { - protocolActiveOAuth = oauth.isIsActive(); + if (isMoaidMode()) { + OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = oauth.isIsActive(); + + } } @@ -361,73 +398,79 @@ public class GeneralMOAIDConfig { pvp2OrgName = org.getName(); pvp2OrgURL = org.getURL(); } - } + } + } - SecurityLayer seclayer = auth.getSecurityLayer(); - if (seclayer != null) { - List list = seclayer.getTransformsInfo(); + if (isMoaidMode()) { + SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer != null) { + List list = seclayer.getTransformsInfo(); + + for (TransformsInfoType el : list) { + fileUploadFileName.add(el.getFilename()); + } + } - for (TransformsInfoType el : list) { - fileUploadFileName.add(el.getFilename()); + SSO sso = auth.getSSO(); + if (sso != null) { + ssoFriendlyName = sso.getFriendlyName(); + + // IdentificationNumber idl = sso.getIdentificationNumber(); + // if (idl != null) + // ssoIdentificationNumber = idl.getValue(); + + //INFO: only for backup + if (MiscUtil.isEmpty(publicURLPrefix)) + publicURLPrefix = sso.getPublicURL(); + + ssoSpecialText = sso.getSpecialText(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). + replace("+", ""); + + } else + ssoTarget = sso.getTarget(); + } } - SSO sso = auth.getSSO(); - if (sso != null) { - ssoFriendlyName = sso.getFriendlyName(); - -// IdentificationNumber idl = sso.getIdentificationNumber(); -// if (idl != null) -// ssoIdentificationNumber = idl.getValue(); - - //INFO: only for backup - if (MiscUtil.isEmpty(publicURLPrefix)) - publicURLPrefix = sso.getPublicURL(); - - ssoSpecialText = sso.getSpecialText(); - - if (MiscUtil.isNotEmpty(sso.getTarget()) && - sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { - ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). - replace("+", ""); + ChainingModes modes = config.getChainingModes(); + if (modes != null) { + ChainingModeType defaultmode = modes.getSystemDefaultMode(); + if (defaultmode != null) { + + defaultchainigmode = defaultmode.value(); - } else - ssoTarget = sso.getTarget(); + } + List trustanchor = modes.getTrustAnchor(); + if (trustanchor != null) { + //TODO: set addional trust anchors!!!! + } } - } - - ChainingModes modes = config.getChainingModes(); - if (modes != null) { - ChainingModeType defaultmode = modes.getSystemDefaultMode(); - if (defaultmode != null) { - - defaultchainigmode = defaultmode.value(); - + + DefaultBKUs defaultbkus = config.getDefaultBKUs(); + if (defaultbkus != null) { + defaultBKUHandy = defaultbkus.getHandyBKU(); + defaultBKULocal = defaultbkus.getLocalBKU(); + defaultBKUOnline = defaultbkus.getOnlineBKU(); } - List trustanchor = modes.getTrustAnchor(); - if (trustanchor != null) { - //TODO: set addional trust anchors!!!! + SLRequestTemplates slreq = config.getSLRequestTemplates(); + if (slreq != null) { + SLRequestTemplateHandy = slreq.getHandyBKU(); + SLRequestTemplateLocal = slreq.getLocalBKU(); + SLRequestTemplateOnline = slreq.getOnlineBKU(); } + } trustedCACerts = config.getTrustedCACertificates(); - DefaultBKUs defaultbkus = config.getDefaultBKUs(); - if (defaultbkus != null) { - defaultBKUHandy = defaultbkus.getHandyBKU(); - defaultBKULocal = defaultbkus.getLocalBKU(); - defaultBKUOnline = defaultbkus.getOnlineBKU(); - } - - SLRequestTemplates slreq = config.getSLRequestTemplates(); - if (slreq != null) { - SLRequestTemplateHandy = slreq.getHandyBKU(); - SLRequestTemplateLocal = slreq.getLocalBKU(); - SLRequestTemplateOnline = slreq.getOnlineBKU(); - } + } } @@ -1099,10 +1142,25 @@ public class GeneralMOAIDConfig { this.elgaMandateServiceURL = elgaMandateServiceURL; } - - - - - + /** + * @return the eidSystemServiceURL + */ + public String getEidSystemServiceURL() { + return eidSystemServiceURL; + } + + /** + * @param eidSystemServiceURL the elgaMandateServiceURL to set + */ + public void setEidSystemeServiceURL(String eidSystemServiceURL) { + if (MiscUtil.isNotEmpty(eidSystemServiceURL)) + this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL); + else + this.eidSystemServiceURL = eidSystemServiceURL; + } + + public boolean isMoaidMode() { + return moaidMode; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index e896bb80b..b3db074a2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -66,9 +66,11 @@ public class OAAuthenticationData implements IOnlineApplicationData { private List misServicesList = new ArrayList(); private List elgaServicesList = new ArrayList(); private List szrgwServicesList = new ArrayList(); + private List eidServicesList = new ArrayList(); private String misServiceSelected = null; private String elgaServiceSelected = null; private String szrgwServiceSelected = null; + private String eidServiceSelected = null; private boolean calculateHPI = false; @@ -90,10 +92,20 @@ public class OAAuthenticationData implements IOnlineApplicationData { private boolean sl20Active = false; private String sl20EndPoints = null; + private boolean isMoaidMode = false; + /** + * @param isMoaidMode * */ public OAAuthenticationData() { + try { + this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + e.printStackTrace(); + + } + keyBoxIdentifierList = new HashMap(); MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); for (int i=0; i parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); - szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL(); + eidServiceSelected = dbOA.getSelectedEIDServiceURL(); AuthComponentOA oaauth = dbOA.getAuthComponentOA(); if (oaauth != null) { @@ -302,6 +324,10 @@ public class OAAuthenticationData implements IOnlineApplicationData { if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected()); + + if (MiscUtil.isNotEmpty(getEidServiceSelected())) + dbOA.setSelectedEIDServiceURL(getEidServiceSelected()); + if (authUser.isAdmin()) { //store BKU-URLs @@ -800,7 +826,18 @@ public class OAAuthenticationData implements IOnlineApplicationData { return szrgwServicesList; } + public List getEidServicesList() { + return eidServicesList; + } + + public String getEidServiceSelected() { + return eidServiceSelected; + } + public void setEidServiceSelected(String eidServiceSelected) { + this.eidServiceSelected = eidServiceSelected; + } + public boolean isSl20Active() { return sl20Active; } @@ -820,7 +857,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { else this.sl20EndPoints = sl20EndPoints; } + + public boolean isMoaidMode() { + return isMoaidMode; + } - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java index 0d0cda246..9bbbe3df0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java @@ -56,6 +56,17 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, protected HttpSession session = null; protected String formID; + protected static boolean isMoaidMode = false; + + public BasicAction() { + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + } + + protected void populateBasicInformations() throws BasicActionException { try { configuration = ConfigurationProvider.getInstance(); @@ -115,6 +126,12 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, public void setFormID(String formID) { this.formID = formID; } + + + public static boolean isMoaidMode() { + return isMoaidMode; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 9e0b8b1cd..20db561d6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -88,10 +88,14 @@ public class BasicOAAction extends BasicAction { private InputStream stream = null; + + /** * */ - public BasicOAAction() { + public BasicOAAction() { + super(); + formList = new LinkedHashMap(); OAGeneralConfig generalOA = new OAGeneralConfig(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index c3e8c459e..7c3daf928 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -65,7 +65,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; @@ -100,19 +102,22 @@ public class EditGeneralConfigAction extends BasicAction { MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration(); - + moaconfig = new GeneralMOAIDConfig(); - moaconfig.parse(dbconfig); - storkconfig = new GeneralStorkConfig(); - storkconfig.parse(dbconfig); - + moaconfig.parse(dbconfig); if (moaconfig == null) { log.error("MOA configuration is null"); } - if (storkconfig == null) { - log.error("Stork configuration is null"); + if (moaconfig.isMoaidMode()) { + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); + if (storkconfig == null) { + log.error("Stork configuration is null"); + } } + + formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -149,13 +154,21 @@ public class EditGeneralConfigAction extends BasicAction { } session.setAttribute(Constants.SESSION_FORMID, null); + boolean isMoaidMode = false; + try { + isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode(); + } catch (ConfigurationException e) { + log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e); + } + if (authUser.isAdmin()) { MOAConfigValidator validator = new MOAConfigValidator(); - List errors = validator.validate(moaconfig, request); + List errors = validator.validate(moaconfig, request, isMoaidMode); - errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); + if (isMoaidMode) + errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); if (errors.size() > 0) { log.info("General MOA-ID configuration has some errors."); @@ -181,7 +194,7 @@ public class EditGeneralConfigAction extends BasicAction { } } - String error = saveFormToDatabase(); + String error = saveFormToDatabase(isMoaidMode); if (error != null) { log.warn("General MOA-ID config can not be stored in Database"); @@ -218,7 +231,7 @@ public class EditGeneralConfigAction extends BasicAction { return Constants.STRUTS_SUCCESS; } - private String saveFormToDatabase() { + private String saveFormToDatabase(boolean isMoaidMode) { log.debug("Saving form to database"); // log.error("Saving form to db"); @@ -370,20 +383,24 @@ public class EditGeneralConfigAction extends BasicAction { } + OAuth oauth= dbprotocols.getOAuth(); if (oauth == null) { oauth = new OAuth(); dbprotocols.setOAuth(oauth); } - oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); - + PVP2 pvp2 = dbprotocols.getPVP2(); if (pvp2 == null) { pvp2 = new PVP2(); dbprotocols.setPVP2(pvp2); } - pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + if (isMoaidMode) { + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + + } if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); @@ -437,80 +454,6 @@ public class EditGeneralConfigAction extends BasicAction { if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) cont.setType(moaconfig.getPvp2Contact().getType()); - SSO dbsso = dbauth.getSSO(); - if (dbsso == null) { - dbsso = new SSO(); - dbauth.setSSO(dbsso); - } - - if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) - dbsso.setFriendlyName(StringHelper.getUTF8String( - moaconfig.getSsoFriendlyName())); - if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) - dbsso.setSpecialText(StringHelper.getUTF8String( - moaconfig.getSsoSpecialText())); -// if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) -// dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - - if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { - String num = moaconfig.getSsoTarget().replaceAll(" ", ""); - String pre = null; - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - pre = Constants.IDENIFICATIONTYPE_FN; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - pre = Constants.IDENIFICATIONTYPE_ZVR; - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - pre = Constants.IDENIFICATIONTYPE_ERSB; - } - - dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); - - } else { - dbsso.setTarget(moaconfig.getSsoTarget()); - - } - } -// if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { -// IdentificationNumber ssoid = dbsso.getIdentificationNumber(); -// if (ssoid == null) { -// ssoid = new IdentificationNumber(); -// dbsso.setIdentificationNumber(ssoid); -// } -// ssoid.setValue(moaconfig.getSsoIdentificationNumber()); -// } - - DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); - - if (dbbkus == null) { - dbbkus = new DefaultBKUs(); - dbconfig.setDefaultBKUs(dbbkus); - } - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) - dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); - else - dbbkus.setHandyBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) - dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); - else - dbbkus.setOnlineBKU(new String()); - - if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) - dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); - else - dbbkus.setLocalBKU(new String()); ChainingModes dbchainingmodes = dbconfig.getChainingModes(); if (dbchainingmodes == null) { @@ -521,230 +464,331 @@ public class EditGeneralConfigAction extends BasicAction { dbchainingmodes.setSystemDefaultMode( ChainingModeType.fromValue("pkix")); - IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); - if (idlsigners == null) { - idlsigners = new IdentityLinkSigners(); - dbauth.setIdentityLinkSigners(idlsigners); - } - - ForeignIdentities dbforeign = dbauth.getForeignIdentities(); - if (dbforeign == null) { - dbforeign = new ForeignIdentities(); - dbauth.setForeignIdentities(dbforeign); - } - if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { - ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); - if (forcon == null) { - forcon = new ConnectionParameterClientAuthType(); - dbforeign.setConnectionParameter(forcon); + if (isMoaidMode) { + SSO dbsso = dbauth.getSSO(); + if (dbsso == null) { + dbsso = new SSO(); + dbauth.setSSO(dbsso); } - if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) - forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); + if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) + dbsso.setFriendlyName(StringHelper.getUTF8String( + moaconfig.getSsoFriendlyName())); + if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) + dbsso.setSpecialText(StringHelper.getUTF8String( + moaconfig.getSsoSpecialText())); + // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) + // dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); + + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { - else { - if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) - forcon.setURL( - moaconfig.getSzrgwURL().trim().substring(0, - moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } - else - forcon.setURL( - StringUtils.chomp(moaconfig.getSzrgwURL().trim())); - + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + + } } + // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { + // IdentificationNumber ssoid = dbsso.getIdentificationNumber(); + // if (ssoid == null) { + // ssoid = new IdentificationNumber(); + // dbsso.setIdentificationNumber(ssoid); + // } + // ssoid.setValue(moaconfig.getSsoIdentificationNumber()); + // } + + DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + + if (dbbkus == null) { + dbbkus = new DefaultBKUs(); + dbconfig.setDefaultBKUs(dbbkus); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) + dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); + else + dbbkus.setHandyBKU(new String()); + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) + dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); + else + dbbkus.setOnlineBKU(new String()); + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) + dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); + else + dbbkus.setLocalBKU(new String()); - } + - ForeignIdentities foreign = dbauth.getForeignIdentities(); - if (foreign != null) { - STORK stork = foreign.getSTORK(); - if (stork == null) { - stork = new STORK(); - foreign.setSTORK(stork); - + IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); + if (idlsigners == null) { + idlsigners = new IdentityLinkSigners(); + dbauth.setIdentityLinkSigners(idlsigners); + } + + ForeignIdentities dbforeign = dbauth.getForeignIdentities(); + if (dbforeign == null) { + dbforeign = new ForeignIdentities(); + dbauth.setForeignIdentities(dbforeign); } - - try { - log.error("QAAAA " + storkconfig.getDefaultQaa()); - stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); - if (storkconfig.getAttributes() != null) { - List dbStorkAttr = new ArrayList(); - stork.setAttributes(dbStorkAttr); - + if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { + ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); + if (forcon == null) { + forcon = new ConnectionParameterClientAuthType(); + dbforeign.setConnectionParameter(forcon); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) + forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL())); - for (StorkAttribute attr : storkconfig.getAttributes()) { - if (attr != null && MiscUtil.isNotEmpty(attr.getName())) - dbStorkAttr.add(attr); + else { + if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) + forcon.setURL( + moaconfig.getSzrgwURL().trim().substring(0, + moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER))); - else - log.info("Remove null or empty STORK attribute"); - } - - } else - stork.setAttributes((List) (new ArrayList())); - - if (storkconfig.getCpepslist() != null) { - List dbStorkCPEPS = new ArrayList(); - stork.setCPEPS(dbStorkCPEPS); + else + forcon.setURL( + StringUtils.chomp(moaconfig.getSzrgwURL().trim())); + + } + + } + + ForeignIdentities foreign = dbauth.getForeignIdentities(); + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork == null) { + stork = new STORK(); + foreign.setSTORK(stork); - for (CPEPS cpeps : storkconfig.getCpepslist()) { - if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && - MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + } + + try { + log.error("QAAAA " + storkconfig.getDefaultQaa()); + stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa()); + + if (storkconfig.getAttributes() != null) { + List dbStorkAttr = new ArrayList(); + stork.setAttributes(dbStorkAttr); - if (cpeps.getCountryCode().equals("CC") && - cpeps.getURL().equals("http://")) - log.info("Remove dummy STORK CPEPS entry."); - - else - dbStorkCPEPS.add(cpeps); + + for (StorkAttribute attr : storkconfig.getAttributes()) { + if (attr != null && MiscUtil.isNotEmpty(attr.getName())) + dbStorkAttr.add(attr); - } else - log.info("Remove null or emtpy STORK CPEPS configuration"); - } + else + log.info("Remove null or empty STORK attribute"); + } + + } else + stork.setAttributes((List) (new ArrayList())); + + if (storkconfig.getCpepslist() != null) { + List dbStorkCPEPS = new ArrayList(); + stork.setCPEPS(dbStorkCPEPS); + + for (CPEPS cpeps : storkconfig.getCpepslist()) { + if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) && + MiscUtil.isNotEmpty(cpeps.getCountryCode())) { + + if (cpeps.getCountryCode().equals("CC") && + cpeps.getURL().equals("http://")) + log.info("Remove dummy STORK CPEPS entry."); + + else + dbStorkCPEPS.add(cpeps); + + } else + log.info("Remove null or emtpy STORK CPEPS configuration"); + } + + } else + stork.setCPEPS((List) (new ArrayList())); - } else - stork.setCPEPS((List) (new ArrayList())); - - } catch (Exception e) { - e.printStackTrace(); - - } - - try{ - log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); - log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); - - } catch (Exception ex) { - log.info("CPEPS LIST is null"); - - } - } - - //write MIS Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { - OnlineMandates dbmandate = dbauth.getOnlineMandates(); - if (dbmandate == null) { - dbmandate = new OnlineMandates(); - dbauth.setOnlineMandates(dbmandate); + } catch (Exception e) { + e.printStackTrace(); + + } + + try{ + log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() ); + log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL()); + + } catch (Exception ex) { + log.info("CPEPS LIST is null"); + + } } - ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); - - if (dbmandateconnection == null) { - dbmandateconnection = new ConnectionParameterClientAuthType(); - dbmandate.setConnectionParameter(dbmandateconnection); + + //write MIS Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { + OnlineMandates dbmandate = dbauth.getOnlineMandates(); + if (dbmandate == null) { + dbmandate = new OnlineMandates(); + dbauth.setOnlineMandates(dbmandate); + } + ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); + + if (dbmandateconnection == null) { + dbmandateconnection = new ConnectionParameterClientAuthType(); + dbmandate.setConnectionParameter(dbmandateconnection); + } + + if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) + dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); + + else { + if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbmandateconnection.setURL( + moaconfig.getMandateURL().trim().substring(0, + moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + dbmandateconnection.setURL( + StringUtils.chomp(moaconfig.getMandateURL().trim())); + + } } - if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) - dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL())); - - else { - if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbmandateconnection.setURL( - moaconfig.getMandateURL().trim().substring(0, - moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + //write ELGA Mandate-Service URLs + if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) + dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); - else - dbmandateconnection.setURL( - StringUtils.chomp(moaconfig.getMandateURL().trim())); - - } + else { + if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbconfig.setElgaMandateServiceURLs( + moaconfig.getElgaMandateServiceURL().trim().substring(0, + moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + + else + dbconfig.setElgaMandateServiceURLs( + StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + + } + } } - //write ELGA Mandate-Service URLs - if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) { - if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) - dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL())); + + //write E-ID System URLs + if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) { + if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) + dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL())); else { - if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) - dbconfig.setElgaMandateServiceURLs( - moaconfig.getElgaMandateServiceURL().trim().substring(0, - moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); + if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) + dbconfig.setEidSystemServiceURLs( + moaconfig.getEidSystemServiceURL().trim().substring(0, + moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER))); else - dbconfig.setElgaMandateServiceURLs( - StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim())); + dbconfig.setEidSystemServiceURLs( + StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim())); } } - - MOASP dbmoasp = dbauth.getMOASP(); - if (dbmoasp == null) { - dbmoasp = new MOASP(); - dbauth.setMOASP(dbmoasp); - } - if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { - ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); - if (moaspcon == null) { - moaspcon = new ConnectionParameterClientAuthType(); - dbmoasp.setConnectionParameter(moaspcon); + if (isMoaidMode) { + MOASP dbmoasp = dbauth.getMOASP(); + if (dbmoasp == null) { + dbmoasp = new MOASP(); + dbauth.setMOASP(dbmoasp); } - moaspcon.setURL(moaconfig.getMoaspssURL()); - } - VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); - if (moaidl == null) { - moaidl = new VerifyIdentityLink(); - dbmoasp.setVerifyIdentityLink(moaidl); - } - moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); - moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); - - VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); - if (moaauth == null) { - moaauth = new VerifyAuthBlock(); - dbmoasp.setVerifyAuthBlock(moaauth); - } - moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); - moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); - - if (moaauth.getVerifyTransformsInfoProfileID() != null && - moaauth.getVerifyTransformsInfoProfileID().size() > 0) - moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); - - else { - if (moaauth.getVerifyTransformsInfoProfileID() == null) { - moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); - + if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { + ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); + if (moaspcon == null) { + moaspcon = new ConnectionParameterClientAuthType(); + dbmoasp.setConnectionParameter(moaspcon); + } + moaspcon.setURL(moaconfig.getMoaspssURL()); } - moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); - } - - SecurityLayer seclayertrans = dbauth.getSecurityLayer(); - if (seclayertrans == null) { - seclayertrans = new SecurityLayer(); - dbauth.setSecurityLayer(seclayertrans); - } - List trans = new ArrayList(); - Map moatrans = moaconfig.getSecLayerTransformation(); - if (moatrans != null) { - Set keys = moatrans.keySet(); - for (String key : keys) { - TransformsInfoType elem = new TransformsInfoType(); - elem.setFilename(key); - elem.setTransformation(moatrans.get(key)); - trans.add(elem); + VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); + if (moaidl == null) { + moaidl = new VerifyIdentityLink(); + dbmoasp.setVerifyIdentityLink(moaidl); } + moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest()); + + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); + if (moaauth == null) { + moaauth = new VerifyAuthBlock(); + dbmoasp.setVerifyAuthBlock(moaauth); + } + moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest()); + + if (moaauth.getVerifyTransformsInfoProfileID() != null && + moaauth.getVerifyTransformsInfoProfileID().size() > 0) + moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0)); + + else { + if (moaauth.getVerifyTransformsInfoProfileID() == null) { + moaauth.setVerifyTransformsInfoProfileID(new ArrayList()); + + } + moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0)); + } + + SecurityLayer seclayertrans = dbauth.getSecurityLayer(); + if (seclayertrans == null) { + seclayertrans = new SecurityLayer(); + dbauth.setSecurityLayer(seclayertrans); + } + List trans = new ArrayList(); + Map moatrans = moaconfig.getSecLayerTransformation(); + if (moatrans != null) { + Set keys = moatrans.keySet(); + for (String key : keys) { + TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(key); + elem.setTransformation(moatrans.get(key)); + trans.add(elem); + } + } + if (trans.size() > 0) + seclayertrans.setTransformsInfo(trans); + + + SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); + if (slrequesttempl == null) { + slrequesttempl = new SLRequestTemplates(); + dbconfig.setSLRequestTemplates(slrequesttempl); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) + slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) + slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) + slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); + } - if (trans.size() > 0) - seclayertrans.setTransformsInfo(trans); - - - SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); - if (slrequesttempl == null) { - slrequesttempl = new SLRequestTemplates(); - dbconfig.setSLRequestTemplates(slrequesttempl); - } - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) - slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) - slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); - if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) - slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index cfb74ebd2..6902a668f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -70,31 +70,33 @@ public class EditOAAction extends BasicOAAction { OAAuthenticationData authOA = new OAAuthenticationData(); formList.put(authOA.getName(), authOA); - OABPKEncryption bPKEncDec = new OABPKEncryption(); - formList.put(bPKEncDec.getName(), bPKEncDec); - - OASSOConfig ssoOA = new OASSOConfig(); - formList.put(ssoOA.getName(), ssoOA); - OASAML1Config saml1OA = new OASAML1Config(); formList.put(saml1OA.getName(), saml1OA); + + if (isMoaidMode) { + OABPKEncryption bPKEncDec = new OABPKEncryption(); + formList.put(bPKEncDec.getName(), bPKEncDec); + + OASSOConfig ssoOA = new OASSOConfig(); + formList.put(ssoOA.getName(), ssoOA); - OAPVP2Config pvp2OA = new OAPVP2Config(); - formList.put(pvp2OA.getName(), pvp2OA); + OAPVP2Config pvp2OA = new OAPVP2Config(); + formList.put(pvp2OA.getName(), pvp2OA); - OAOAuth20Config oauth20OA = new OAOAuth20Config(); - formList.put(oauth20OA.getName(), oauth20OA); + OAOAuth20Config oauth20OA = new OAOAuth20Config(); + formList.put(oauth20OA.getName(), oauth20OA); - OASTORKConfig storkOA = new OASTORKConfig(); - formList.put(storkOA.getName(), storkOA); + OASTORKConfig storkOA = new OASTORKConfig(); + formList.put(storkOA.getName(), storkOA); - Map map = new HashMap(); - map.putAll(FormBuildUtils.getDefaultMap()); - FormularCustomization formOA = new FormularCustomization(map); - formList.put(formOA.getName(), formOA); + Map map = new HashMap(); + map.putAll(FormBuildUtils.getDefaultMap()); + FormularCustomization formOA = new FormularCustomization(map); + formList.put(formOA.getName(), formOA); - OARevisionsLogData revisOA = new OARevisionsLogData(); - formList.put(revisOA.getName(), revisOA); + OARevisionsLogData revisOA = new OARevisionsLogData(); + formList.put(revisOA.getName(), revisOA); + } } @@ -210,8 +212,8 @@ public class EditOAAction extends BasicOAAction { errors.addAll(form.validate(getGeneralOA(), authUser, request)); // Do not allow SSO in combination with special BKUSelection features - if (getSsoOA().isUseSSO() - && (getFormOA().isOnlyMandateAllowed() || !getFormOA() + if (getSsoOA() != null && getSsoOA().isUseSSO() + && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA() .isShowMandateLoginButton())) { log.warn("Special BKUSelection features can not be used in combination with SSO"); errors.add(LanguageHelper.getErrorString( diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java index 7fae5d40c..180f32235 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -23,17 +23,14 @@ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; -import java.util.Date; import java.util.List; import org.apache.log4j.Logger; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; -import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; @@ -42,7 +39,6 @@ import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; -import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig; @@ -50,7 +46,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 717a0c827..247004b75 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -46,7 +46,7 @@ public class MOAConfigValidator { private static final Logger log = Logger.getLogger(MOAConfigValidator.class); - public List validate(GeneralMOAIDConfig form, HttpServletRequest request) { + public List validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) { List errors = new ArrayList(); @@ -126,7 +126,7 @@ public class MOAConfigValidator { // } check = form.getDefaultBKUHandy(); - if (MiscUtil.isNotEmpty(check)) { + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Handy-BKU URL"); errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); @@ -134,7 +134,7 @@ public class MOAConfigValidator { } check = form.getDefaultBKULocal(); - if (MiscUtil.isNotEmpty(check)) { + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); @@ -142,7 +142,7 @@ public class MOAConfigValidator { } check = form.getDefaultBKUOnline(); - if (MiscUtil.isNotEmpty(check)) { + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); @@ -162,7 +162,7 @@ public class MOAConfigValidator { // } check = form.getMandateURL(); - if (MiscUtil.isNotEmpty(check)) { + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { String[] misURLs = check.split(","); for (String el : misURLs) { if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { @@ -174,7 +174,7 @@ public class MOAConfigValidator { } check = form.getElgaMandateServiceURL(); - if (MiscUtil.isNotEmpty(check)) { + if (MiscUtil.isNotEmpty(check) && isMOAIDMode) { String[] elgaServiceURLs = check.split(","); for (String el : elgaServiceURLs) { if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { @@ -185,87 +185,103 @@ public class MOAConfigValidator { } } + check = form.getEidSystemServiceURL(); + if (MiscUtil.isNotEmpty(check)) { + String[] eidServiceURLs = check.split(","); + for (String el : eidServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid", + new Object[]{el}, request)); + } + } + } + check = form.getMoaspssAuthTransformations(); List authtranslist = new ArrayList(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); - } else { - - //is only required if more then one transformation is in use -// check = StringHelper.formatText(check); -// String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); -// int i=1; -// for(String el : list) { -// if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { -// log.info("IdentityLinkSigners is not valid: " + el); -// errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", -// new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); -// -// } else { -// if (MiscUtil.isNotEmpty(el.trim())) -// authtranslist.add(el.trim()); -// } -// i++; -// } - authtranslist.add(check.trim()); + if (isMOAIDMode) { + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); + } else { + + //is only required if more then one transformation is in use + // check = StringHelper.formatText(check); + // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + // int i=1; + // for(String el : list) { + // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + // log.info("IdentityLinkSigners is not valid: " + el); + // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + // + // } else { + // if (MiscUtil.isNotEmpty(el.trim())) + // authtranslist.add(el.trim()); + // } + // i++; + // } + authtranslist.add(check.trim()); + } } form.setAuthTransformList(authtranslist); - check = form.getMoaspssAuthTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + if (isMOAIDMode) { + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - check = form.getMoaspssIdlTrustProfile(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - check = form.getMoaspssAuthTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-Authblock TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getMoaspssAuthTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - check = form.getMoaspssIdlTrustProfileTest(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); - } else { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("Test-IdentityLink TrustProfile is not valid: " +check); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getMoaspssIdlTrustProfileTest(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request)); + } else { + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.info("Test-IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } } - } - - - check = form.getMoaspssURL(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); + } } } @@ -312,109 +328,111 @@ public class MOAConfigValidator { // } // } - check = form.getSLRequestTemplateHandy(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); - } - } - - check = form.getSLRequestTemplateLocal(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); - } - } - - check = form.getSLRequestTemplateOnline(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); - } else { - if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { - log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); + if (isMOAIDMode) { + check = form.getSLRequestTemplateHandy(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); + } } - } - - check = form.getSsoFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.info("SSO friendlyname is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + + check = form.getSLRequestTemplateLocal(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); + } } - } - -// check = form.getSsoIdentificationNumber(); -// if (MiscUtil.isNotEmpty(check)) { -// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { -// log.info("SSO IdentificationNumber is not valid: " + check); -// errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", -// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); -// } -// } - -// check = form.getSsoPublicUrl(); -// if (MiscUtil.isNotEmpty(check)) { -// if (!ValidationHelper.validateURL(check)) { -// log.info("SSO Public URL is not valid"); -// errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); -// } -// } - - check = form.getSsoSpecialText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsNotValidCharacter(check, true)) { - log.info("SSO SpecialText is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); + + check = form.getSLRequestTemplateOnline(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); + } } - } - - check = form.getSsoTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SSO Target"); - //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - } else { - if (!ValidationHelper.isValidAdminTarget(check)) { - + check = form.getSsoFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + log.info("SSO friendlyname is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); } + } + + // check = form.getSsoIdentificationNumber(); + // if (MiscUtil.isNotEmpty(check)) { + // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + // log.info("SSO IdentificationNumber is not valid: " + check); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", + // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + // } + // } + + // check = form.getSsoPublicUrl(); + // if (MiscUtil.isNotEmpty(check)) { + // if (!ValidationHelper.validateURL(check)) { + // log.info("SSO Public URL is not valid"); + // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); + // } + // } + + check = form.getSsoSpecialText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsNotValidCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] {ValidationHelper.getNotValidCharacter(true)} , request)); + } + } + + check = form.getSsoTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); - String num = check.replaceAll(" ", ""); - - if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || - num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || - num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { + } else { + if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); + if (ValidationHelper.containsNotValidCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); + } + + String num = check.replaceAll(" ", ""); + + if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || + num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || + num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { + + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); + } + } - } - } - - check = form.getSzrgwURL(); - if (MiscUtil.isNotEmpty(check)) { - String[] szrGWServiceURLs = check.split(","); - for (String el : szrGWServiceURLs) { - if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { - log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", - new Object[]{el}, request)); + + check = form.getSzrgwURL(); + if (MiscUtil.isNotEmpty(check)) { + String[] szrGWServiceURLs = check.split(","); + for (String el : szrGWServiceURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", + new Object[]{el}, request)); + } } } } @@ -433,41 +451,42 @@ public class MOAConfigValidator { } - - if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) { - HashMap map = new HashMap(); - for (int i=0; i map = new HashMap(); + for (int i=0; i - -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %>

- - - - - - - - - -
- -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %>

+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %>

- - - - - - - - + + + + + + + + +
-
- +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %>

+ + + + + + + + + + +
+ + +

<%=LanguageHelper.getGUIString("webpages.moaconfig.certificates.header", request) %>

@@ -156,177 +158,204 @@ key="webpages.moaconfig.timeout.assertion" cssClass="textfield_long"> - - - - - -
- -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %>

- - - - - - -<%-- - --%> - - - - - - - - -<%-- - --%> - - + + + + + + + + + + + + -<%-- - --%>
-
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %>

- - - - - - -
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %>

+ + + + + + + + <%-- + --%> + + + + + + + + + <%-- + --%> + + + + <%-- + --%> + +
+ -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %>

-<%-- - --%> - - - - - - -
-

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

- -

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

- - - - - - - - - - - - - - - - - - - - - - -
Country ShortcodePEPS URLSupports XMLEncryption
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- " onclick='newPeps();' /> -

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- - - - - - - -
<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
- " onclick='newStorkAttribute();' /> +

<%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %>

+ + + + + + + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %>

+ <%-- + --%> + + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+ +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

+ + + + + + + + + + + + + + + + + + + + + + +
Country ShortcodePEPS URLSupports XMLEncryption
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='newPeps();' /> +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

+ + + + + + + +
<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='newStorkAttribute();' /> +
+ +

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

@@ -338,18 +367,21 @@ key="webpages.moaconfig.protocols.legacy.saml1" cssClass="checkbox"> - - - - + + + + + + +

@@ -362,12 +394,15 @@ key="webpages.moaconfig.protocols.legacy.saml1" cssClass="checkbox"> - - + + + + +
@@ -461,24 +496,25 @@ -
-

<%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %>

- - - - -
- -
- + +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %>

+ + + -
-
- - -
+
+ + + +
+ +
+ + +

diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index cc4220d0e..feab86593 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -46,12 +46,14 @@ - + + - + - - + + +

<%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %>

@@ -64,35 +66,40 @@ - - - - - - + + + + + + + - - hidden - + + + hidden + - + +
- + + - + + diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp index d2668e264..7a54df554 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -3,8 +3,8 @@ <%@ taglib prefix="s" uri="/struts-tags" %> - - + +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %>

@@ -167,16 +167,26 @@
-

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %>

- +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.szrgw.header", request) %>

- - -
+ + + + +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.eid.header", request) %>

+ + +
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 367dc445d..2436b1051 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -123,25 +123,27 @@ cssClass="checkbox"> - - - - - + + + + + + + diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp index 95d6de912..f4c377d9c 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -18,10 +18,14 @@ -
- - "><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %> -
+ + +
+ + "><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %> +
+ +
"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.config.moaid", request) %> diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java index a28b762af..ca2df5b66 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java @@ -78,6 +78,7 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); + temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); temp.add(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL)); @@ -284,14 +285,28 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme } } } + + check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL, getKeyPrefix())); + if (MiscUtil.isNotEmpty(check)) { + String[] misURLs = check.split(","); + for (String el : misURLs) { + if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) { + log.info("Not valid E-ID System Service URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL, + "E-ID System", + LanguageHelper.getErrorString("validation.general.eidsystem.valid", new Object[]{el}))); + } + } + } check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MoaspssAuthTransformation"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, - "MOA-SP - AuthBlocktransformation", - LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM, +// "MOA-SP - AuthBlocktransformation", +// LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("IdentityLinkSigners is not valid: " + check); @@ -307,10 +322,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, - "MOA-SP - TrustProfile AuthBlock", - LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, +// "MOA-SP - TrustProfile AuthBlock", +// LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("Authblock TrustProfile is not valid: " +check); @@ -325,10 +340,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, - "MOA-SP - TrustProfile IdL", - LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, +// "MOA-SP - TrustProfile IdL", +// LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("IdentityLink TrustProfile is not valid: " +check); @@ -343,10 +358,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Test-Authblock TrustProfile"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, - "MOA-SP - Test-TrustProfile AuthBlock", - LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD, +// "MOA-SP - Test-TrustProfile AuthBlock", +// LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("Authblock Test-TrustProfile is not valid: " +check); @@ -361,10 +376,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, - "MOA-SP - Test-TrustProfile IdL", - LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD, +// "MOA-SP - Test-TrustProfile IdL", +// LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty"))); } else { if (ValidationHelper.containsNotValidCharacter(check, false)) { log.info("IdentityLink Test-TrustProfile is not valid: " +check); @@ -380,10 +395,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, - "Default SL-Templates - Handy", - LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY, +// "Default SL-Templates - Handy", +// LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"))); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate Handy-BKU is not valid"); @@ -397,10 +412,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate local BKU"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, - "Default SL-Templates - Local", - LanguageHelper.getErrorString("validation.general.slrequest.local.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL, +// "Default SL-Templates - Local", +// LanguageHelper.getErrorString("validation.general.slrequest.local.empty"))); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate local BKU is not valid"); @@ -414,10 +429,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, getKeyPrefix())); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, - "Default SL-Templates - Online ", - LanguageHelper.getErrorString("validation.general.slrequest.online.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD, +// "Default SL-Templates - Online ", +// LanguageHelper.getErrorString("validation.general.slrequest.online.empty"))); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate Online-BKU is not valid"); @@ -531,10 +546,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, getKeyPrefix())); if (MiscUtil.isEmpty(check) || check.equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) { log.info("AuthBlock Transformation file is empty"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, - "AuthBlock - Transformation", - LanguageHelper.getErrorString("validation.general.slrequest.file.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64, +// "AuthBlock - Transformation", +// LanguageHelper.getErrorString("validation.general.slrequest.file.empty"))); } diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java index 98aa4cd66..0d2fb0690 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -158,10 +158,10 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER); if (MiscUtil.isEmpty(check)) { log.info("Empty KeyBoxIdentifier"); - errors.add(new ValidationObjectIdentifier( - MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD, - "BKU - KeyBoxIdentifier", - LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"))); +// errors.add(new ValidationObjectIdentifier( +// MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD, +// "BKU - KeyBoxIdentifier", +// LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"))); } else { if (!MOAIDConfigurationConstants.ALLOWED_KEYBOXIDENTIFIER.contains(check)) { @@ -269,6 +269,17 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid", new Object[]{check}))); } + + check = input.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check)) { + log.info("Not valid ELGA Service URL"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL, + "E-ID System", + LanguageHelper.getErrorString("validation.general.eidsystem.valid", new Object[]{check}))); + } + check = input.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); if (MiscUtil.isNotEmpty(check) && !ValidationHelper.validateURL(check)) { diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 6301a10ec..a18c986c2 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -141,6 +141,10 @@ moa-id-module-saml1 + + MOA.id.server.modules + moa-id-module-EID_connector + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 1fd6b3695..67a5a6e68 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -175,12 +175,21 @@ - - commons-collections - commons-collections - + + commons-collections + commons-collections + - + + javax.xml.ws + jaxws-api + + + javax.jws + javax.jws-api + + + org.apache.cxf cxf-rt-frontend-jaxws diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index d654eb359..f6d116198 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -97,6 +97,12 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202; public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203; public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204; + + public static final int AUTHPROCESS_EID_SERVICE_SELECTED = 6300; + public static final int AUTHPROCESS_EID_SERVICE_REQUESTED = 6301; + public static final int AUTHPROCESS_EID_SERVICE_RECEIVED = 6302; + public static final int AUTHPROCESS_EID_SERVICE_RECEIVED_ERROR = 6303; + public static final int AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID = 6304; //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index a35b45af2..b0f452861 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -158,7 +158,7 @@ public class MOAIDAuthInitializer { fixJava8_141ProblemWithSSLAlgorithms(); - if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) + if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 25a508687..09d517f5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -117,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @PostConstruct private void initialize() { - Map pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + Map pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); for (Entry el : pubKeyMap.entrySet()) { try { encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 48d652671..bd183d906 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,9 +22,13 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; /** * @author tlenz @@ -32,6 +36,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; */ public class BKUSelectionModuleImpl implements AuthModule { + @Autowired(required=false) private IConfiguration configuration; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @@ -50,7 +56,8 @@ public class BKUSelectionModuleImpl implements AuthModule { if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if (performBKUSelection) + if (performBKUSelection && configuration != null + && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false)) return "BKUSelectionProcess"; else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index b7970e4fd..496501760 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -43,6 +43,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -72,11 +73,10 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired SSOManager ssoManager; @Autowired IAuthenticationManager authManager; - @Autowired IAuthenticationSessionStoreage authenicationStorage; - @Autowired SingleLogOutBuilder sloBuilder; - @Autowired IProtocolAuthenticationService protAuthService; + @Autowired IAuthenticationSessionStoreage authenicationStorage; + @Autowired IProtocolAuthenticationService protAuthService; @Autowired(required=true) private IGUIFormBuilder guiBuilder; - + @Autowired(required=false) SingleLogOutBuilder sloBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) @@ -150,8 +150,15 @@ public class IDPSingleLogOutServlet extends AbstractController { if(MiscUtil.isNotEmpty(internalSSOId)) { ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId); - Logger.debug("Starting technical SLO process ... "); - sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + if (sloBuilder != null) { + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + + } else { + Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath"); + throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"}); + + } return; } @@ -180,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController { String redirectURL = null; IRequest sloReq = sloContainer.getSloRequest(); - if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { + if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest()); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index fff019ae7..eae7aae9d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -51,6 +51,8 @@ import iaik.pki.revocation.RevocationSourceTypes; public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration { + public static final String PROP_MOAID_MODE = "general.moaidmode.active"; + private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; private MOAIDConfiguration configuration; @@ -231,7 +233,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide allowedProtcols.setSAML1Active( configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false)); allowedProtcols.setPVP21Active( - configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true)); + configuration.getBooleanValue( + MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true) + && getBasicConfigurationBoolean(PROP_MOAID_MODE, false)); return allowedProtcols; @@ -1307,5 +1311,4 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } } } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index af4cf6fa7..1e42b1e1b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -4,11 +4,11 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -public interface IMOAAuthData extends IAuthData{ +public interface IMOAAuthData extends IEidAuthData{ @Deprecated /** @@ -34,7 +34,6 @@ public interface IMOAAuthData extends IAuthData{ */ List> getEncMandateNaturalPersonbPKList(); - byte[] getSignerCertificate(); String getAuthBlock(); boolean isPublicAuthority(); String getPublicAuthorityCode(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index 897a06e62..9b6de0f29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -30,7 +30,7 @@ import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; @@ -45,14 +45,13 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable { +public class MOAAuthenticationData extends EidAuthenticationData implements IMOAAuthData, Serializable { private static final long serialVersionUID = 1L; private boolean qualifiedCertificate; private boolean publicAuthority; private String publicAuthorityCode; private String bkuURL; - private byte[] signerCertificate = null; private String authBlock = null; private String QAALevel = null; @@ -116,21 +115,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut return this.encbPKList; } - - @Override - public byte[] getSignerCertificate() { - return signerCertificate; - } - - - /** - * @param signerCertificate the signerCertificate to set - */ - public void setSignerCertificate(byte[] signerCertificate) { - this.signerCertificate = signerCertificate; - } - - @Override public String getAuthBlock() { return authBlock; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 77abe07af..9beeb6cc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -67,7 +67,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager { public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired private SingleLogOutBuilder sloBuilder;; + @Autowired(required=false) private SingleLogOutBuilder sloBuilder;; @Override @@ -118,8 +118,18 @@ public class AuthenticationManager extends AbstractAuthenticationManager { sloContainer.setSessionID(uniqueSessionIdentifier); sloContainer.setSloRequest(pvpReq); - sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); - sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); + if (sloBuilder != null) { + Logger.trace("Parse active SPs into SLOContainer ... "); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); + sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); + + } else { + Logger.warn("NO SLOBuilder in ClassPath / Single LogOut NOT possible! Mark SLO as FAILED"); + sloContainer.putFailedOA(pvpReq.getAuthURL()); + + Logger.info("Only the IDP session will be closed soon ..."); + + } Logger.debug("Active SSO Service-Provider: " + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size() diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 4fc37d88f..ff5379498 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -146,14 +146,14 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); @@ -173,7 +173,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider { filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive())); filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate)); filterChain.getFilters().add( - new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean( + new PVPEntityCategoryFilter(authConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, false))); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java index 389d97b18..ad7328433 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer; import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; @@ -32,7 +33,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.util.MiscUtil; -//@Service("PVPIDPCredentialProvider") +@Service("PVPIDPCredentialProvider") public class IDPCredentialProvider extends AbstractCredentialProvider { public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; public static final String IDP_KS_PASS = "idp.ks.kspassword"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index bd908f894..534f6797b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -76,14 +76,14 @@ public class MOASAMLSOAPClient { SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(), - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean( + AuthConfigurationProviderFactory.getInstance().getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 6bf44a527..e84bca330 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -94,7 +94,7 @@ public class SSLUtils { ConfigurationProvider conf, String url ) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false); @@ -154,7 +154,7 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean( + boolean useStandardJavaTrustStore = conf.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false); diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule index 5116c2a08..65452db3c 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule @@ -1,2 +1 @@ -at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 794b62477..598376261 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -22,6 +22,32 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3b636aaee..acce76689 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -62,6 +62,8 @@ init.00=MOA-ID-Auth wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar init.02=Fehler beim Starten des Service MOA-ID-Auth init.04=Fehler beim Datenbankzugriff mit der SessionID {0} +init.05=Allgemeiner interner Fehler! Ursache: '{0}' + internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde. internal.01=W\u00e4hrend des Abmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Abmeldeprozess abgebrochen wurde. diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java index 75f704045..1ab54471c 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -113,7 +113,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map getBasicConfigurationWithPrefix(String prefix) { Map result = new HashMap(); if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) { result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM="); @@ -419,7 +419,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { if (AbstractAuthenticationDataBuilder.CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING.equals(key)) { if (isIDLEscapingEnabled == null) return defaultValue; @@ -459,7 +459,11 @@ public class DummyAuthConfig implements AuthConfiguration { public void setIsIDLEscapingEnabled(Boolean isIDLEscapingEnabled) { this.isIDLEscapingEnabled = isIDLEscapingEnabled; } - - + + @Override + public Boolean getBasicConfigurationBoolean(String key) { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 4adff7f19..62a19b399 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -154,6 +154,7 @@ public class ConfigurationMigrationUtils { if (MiscUtil.isNotEmpty(target_full)) { if (TargetValidator.isValidTarget(target_full)) { result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET, target_full); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB, Boolean.FALSE.toString()); } else { String[] target_split = target_full.split("-"); @@ -198,8 +199,13 @@ public class ConfigurationMigrationUtils { //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); + + //convert selected E-ID service + if (MiscUtil.isNotEmpty(oa.getSelectedEIDServiceURL())) + result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL, oa.getSelectedEIDServiceURL()); + - AuthComponentOA oaauth = oa.getAuthComponentOA(); + AuthComponentOA oaauth = oa.getAuthComponentOA(); if (oaauth != null) { //convert SL20 infos @@ -815,7 +821,9 @@ public class ConfigurationMigrationUtils { dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL)); - + dbOA.setSelectedEIDServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL)); + + dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)); dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL)); @@ -1267,6 +1275,9 @@ public class ConfigurationMigrationUtils { result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL, config.getElgaMandateServiceURLs()); + if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) + result.put(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL, + config.getEidSystemServiceURLs()); AuthComponentGeneral auth = config.getAuthComponentGeneral(); @@ -1590,8 +1601,10 @@ public class ConfigurationMigrationUtils { MOAIDConfiguration dbconfig = new MOAIDConfiguration(); - dbconfig.setElgaMandateServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL)); + dbconfig.setElgaMandateServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL)); + dbconfig.setEidSystemServiceURLs(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL)); + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); if (dbauth == null) { dbauth = new AuthComponentGeneral(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 1be97c49d..91d738989 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -52,6 +52,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { private static final String TEMPLATES = "templates"; private static final String INTERFEDERATION = "interfederation"; private static final String ELGA_MANDATE_SERVICE_URL = "modules.elga_mandate.service.entityID"; + private static final String EID_SYSTEM_SERVICE_URL = "modules.eid_system.service.entityID"; private static final String PROTOCOLS = "protocols"; private static final String SAML1 = "saml1"; @@ -195,9 +196,11 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_REVERSION_LOGS_ENABLED = SERVICE_REVERSION + ".log.enabled"; public static final String SERVICE_REVERSION_LOGS_EVENTCODES = SERVICE_REVERSION + ".log.eventcodes"; - public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL; + public static final String SERVICE_EXTERNAL_ELGA_MANDATE_SERVICE_URL = ELGA_MANDATE_SERVICE_URL; + public static final String SERVICE_EXTERNAL_MIS_SERVICE_URL = "modules.mis.service.url"; public static final String SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL = "modules.szrgw.service.url"; + public static final String SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL = "modules.eidsystem.service.url"; //Namespaces for general MOA-ID config public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix"; @@ -235,6 +238,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String GENERAL_AUTH_SERVICES_HVB_URL = GENERAL_AUTH + ".services.hvb.url"; public static final String GENERAL_AUTH_SERVICES_ELGA_MANDATE_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + ELGA_MANDATE_SERVICE_URL; + public static final String GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL = PREFIX_MOAID_GENERAL + "." + EID_SYSTEM_SERVICE_URL; + public static final String GENERAL_AUTH_SSO_SERVICENAME = GENERAL_AUTH + "." + SSO + ".servicename"; public static final String GENERAL_AUTH_SSO_TARGET = GENERAL_AUTH + "." + SSO + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java index c251c7abb..1cb2f3fa0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java @@ -187,6 +187,10 @@ public class MOAIDConfiguration @XmlTransient protected String elgaMandateServiceURLs = null; + @XmlTransient + protected String eidSystemServiceURLs = null; + + /** * @return the eventCodes @@ -503,6 +507,16 @@ public class MOAIDConfiguration this.elgaMandateServiceURLs = elgaMandateServiceURLs; } + + + public String getEidSystemServiceURLs() { + return eidSystemServiceURLs; + } + + public void setEidSystemServiceURLs(String eidSystemServiceURLs) { + this.eidSystemServiceURLs = eidSystemServiceURLs; + } + /** * Sets the value of the hjid property. * diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 510fd0581..74a79912e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -108,6 +108,9 @@ public class OnlineApplication @XmlTransient protected String selectedSZRGWServiceURL = null; + + @XmlTransient + protected String selectedEIDServiceURL = null; @XmlTransient protected String saml2PostBindingTemplateURL = null; @@ -123,7 +126,7 @@ public class OnlineApplication @XmlTransient protected Boolean iseIDDemoModeActive = false; - + public String getForeignbPKTargetList() { return foreignbPKTargetList; @@ -194,6 +197,15 @@ public class OnlineApplication this.selectedSZRGWServiceURL = selectedSZRGWServiceURL; } + + public String getSelectedEIDServiceURL() { + return this.selectedEIDServiceURL; + } + + public void setSelectedEIDServiceURL(String selectedEIDServiceURL) { + this.selectedEIDServiceURL = selectedEIDServiceURL; + } + /** * @return the isRevisionsLogActive */ diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java index 5ef48526e..9c1ebe386 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -115,6 +115,12 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration } + @Override + protected final String getFromGroup() { + return null; + + } + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() */ diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java index 85d8413ae..ff434948d 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java @@ -141,5 +141,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo } + @Override + protected final String getFromGroup() { + return null; + + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index fe0e659c7..596b28576 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -305,7 +305,7 @@ public class MISSimpleClient { try { httpclient = HttpClientWithProxySupport.getHttpClient( sSLSocketFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); // set http POST Request HttpPost post = new HttpPost(webServiceURL); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java index b80e995ed..a6a7084f5 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -109,7 +109,7 @@ public class EidasCentralAuthMetadataController extends AbstractController { } private List> getAdditonalRequiredAttributes() { - Map addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); if (addReqAttributes != null) { List> result = new ArrayList>(); for (String el : addReqAttributes.values()) { diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java index 3a4bcdc48..5c3bf0d27 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -323,14 +323,14 @@ public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml new file mode 100644 index 000000000..f945fa1d3 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -0,0 +1,70 @@ + + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + moa-id-module-EID_connector + moa-id-module-E-ID_connector + http://maven.apache.org + + UTF-8 + ${basedir}/../../../../repository + + + + + default + + true + + + + local + local + file:${basedir}/../../../../repository + + + egiz-commons + https://demo.egiz.gv.at/int-repo/ + + true + + + + + + + + + MOA.id.server + moa-id-lib + + + at.gv.egiz.components + egiz-spring-api + + + at.gv.egiz.eaaf + eaaf_module_pvp2_core + + + at.gv.egiz.eaaf + eaaf_module_pvp2_sp + + + + org.springframework + spring-test + test + + + junit + junit + test + + + diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java new file mode 100644 index 000000000..c6b5ed821 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthConstants.java @@ -0,0 +1,118 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +/** + * @author tlenz + * + */ +public class EIDProxyAuthConstants { + + public static final String MODULE_NAME_FOR_LOGGING = "E-ID proxy authentication"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + public static final String HTTP_PARAM_EIDPROXY_AUTH_SELECTION = "forwardToEID"; + + public static final String ENDPOINT_POST = "/sp/eid/post"; + public static final String ENDPOINT_REDIRECT = "/sp/eid/redirect"; + public static final String ENDPOINT_METADATA = "/sp/eid/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.eidproxyauth."; + public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "EID.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "EID.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "EID.trustprofileID"; + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; + public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, false)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.BPK_LIST_NAME, PVPConstants.BPK_LIST_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.ENC_BPK_LIST_NAME, PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME, false)); + + //E-ID metadata attributes + add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, PVPConstants.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_E_ID_TOKEN_NAME, PVPConstants.EID_E_ID_TOKEN_FRIENDLY_NAME, false)); + + //mandate attributes + add(Trible.newInstance(PVPConstants.MANDATE_TYPE_NAME, PVPConstants.MANDATE_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_TYPE_OID_NAME, PVPConstants.MANDATE_TYPE_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_NAME, PVPConstants.MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_BPK_LIST_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_NAME, PVPConstants.MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, PVPConstants.MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, PVPConstants.MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_OID_NAME, PVPConstants.MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_PROF_REP_DESC_NAME, PVPConstants.MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_REFERENCE_VALUE_NAME, PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); + + } + }); + + public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + for (Trible el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) + add(el.getFirst()); + } + }); +} + + diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java new file mode 100644 index 000000000..16bcdb421 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java @@ -0,0 +1,71 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; + +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EIDProxyAuthModuleImpl implements AuthModule { + + private int priority = 0; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Logger.trace("Select E-ID authentication process ... "); + return "EIDAuthentication"; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:EID_connector_auth.process.xml" }; + } + + /** + * @param priority the priority to set + */ + public void setPriority(int priority) { + this.priority = priority; + + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java new file mode 100644 index 000000000..a38b84122 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthSpringResourceProvider.java @@ -0,0 +1,63 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EIDProxyAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_EID_connector.beans.xml", EIDProxyAuthSpringResourceProvider.class); + + return new Resource[] {federationAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID Auth-module 'E-ID Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java new file mode 100644 index 000000000..bd1157142 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthMetadataConfiguration.java @@ -0,0 +1,355 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EIDAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + private Collection additionalAttributes = null; + + + private String authURL; + private EIDAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; + + public EIDAuthMetadataConfiguration(String authURL, + EIDAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return EIDProxyAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return true; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authURL + EIDProxyAuthConstants.ENDPOINT_METADATA; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return pvpConfiguration.getIDPContacts(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIDPOrganisation(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return authURL + EIDProxyAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return authURL + EIDProxyAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List getIDPPossibleAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List getIDPPossibleNameITTypes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public Collection getSPRequiredAttributes() { + Map requestedAttributes = new HashMap(); + for (Trible el : EIDProxyAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + if (additionalAttributes != null) { + Logger.trace("Add additional PVP attributes into metadata ... "); + for (RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) + Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration"); + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List getSPAllowedNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List> additionalAttr) { + if (additionalAttr != null) { + additionalAttributes = new ArrayList(); + for (Pair el : additionalAttr) { + Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PVPAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else + Logger.info("NO PVP attribute with name: " + el.getFirst()); + + } + } + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java new file mode 100644 index 000000000..5ed41c397 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/config/EIDAuthRequestBuilderConfiguration.java @@ -0,0 +1,271 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config; + +import java.util.List; + +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; + +/** + * @author tlenz + * + */ +public class EIDAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String SPEntityID; + private String QAA_Level; + private EntityDescriptor idpEntity; + private Credential signCred; + private String scopeRequesterId; + private String providerName; + private List requestedAttributes; + private String reqId; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSPEntityID() { + return this.SPEntityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIDPolicyFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIDPolicyAllowCreation() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.QAA_Level; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * @param isPassive the isPassive to set + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * @param sPEntityID the sPEntityID to set + */ + public void setSPEntityID(String sPEntityID) { + SPEntityID = sPEntityID; + } + + /** + * @param qAA_Level the qAA_Level to set + */ + public void setQAA_Level(String qAA_Level) { + QAA_Level = qAA_Level; + } + + /** + * @param idpEntity the idpEntity to set + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * @param signCred the signCred to set + */ + public void setSignCred(Credential signCred) { + this.signCred = signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIDPEntityDescriptor() { + return this.idpEntity; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIDFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication + * + * @param scopeRequesterId + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS authentication + * + * @param providerName + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes + * + * @param requestedAttributes + */ + public void setRequestedAttributes(List requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request + * + * @param reqId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + + + + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java new file mode 100644 index 000000000..90ecb0942 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java @@ -0,0 +1,133 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthMetadataConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Controller +public class EIDAuthMetadataController extends AbstractController { + + @Autowired PVPMetadataBuilder metadatabuilder; + @Autowired AuthConfiguration authConfig; + @Autowired EIDAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; + + public EIDAuthMetadataController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EIDProxyAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + @RequestMapping(value = EIDProxyAuthConstants.ENDPOINT_METADATA, + method = {RequestMethod.GET}) + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { + //check PublicURL prefix + try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!authConfig.getPublicURLPrefix().contains(authURL)) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL"); + return; + + } else { + //initialize metadata builder configuration + EIDAuthMetadataConfiguration metadataConfig = + new EIDAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + //build metadata + String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); + + //write response + byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } + + } catch (Exception e) { + Logger.warn("Build E-ID Proxy PVP metadata FAILED.", e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private List> getAdditonalRequiredAttributes() { + Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EIDProxyAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + if (addReqAttributes != null) { + List> result = new ArrayList>(); + for (String el : addReqAttributes.values()) { + if (MiscUtil.isNotEmpty(el)) { + Logger.trace("Parse additional attr. definition: " + el); + List attr = KeyValueUtils.getListOfCSVValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else + Logger.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + + return result; + } + + return null; + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java new file mode 100644 index 000000000..16a6e5aab --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthSignalController.java @@ -0,0 +1,68 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class EIDAuthSignalController extends AbstractProcessEngineSignalController { + + public EIDAuthSignalController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EIDProxyAuthConstants.ENDPOINT_POST + + "' and '" + EIDProxyAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + @RequestMapping(value = { EIDProxyAuthConstants.ENDPOINT_POST, + EIDProxyAuthConstants.ENDPOINT_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { + signalProcessManagement(req, resp); + + } + + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState")); + + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java new file mode 100644 index 000000000..38a7c4add --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/CreateAuthnRequestTask.java @@ -0,0 +1,146 @@ +/* + * Copyright 2019 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks; + +import java.security.NoSuchAlgorithmException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.config.EIDAuthRequestBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("CreateEIDSystemAuthnRequestTask") +public class CreateAuthnRequestTask extends AbstractAuthServletTask { + + @Autowired PVPAuthnRequestBuilder authnReqBuilder; + @Autowired EIDAuthCredentialProvider credential; + @Autowired EIDAuthMetadataProvider metadataService; + + //@Autowired(required=true) ILoALevelMapper loaMapper; + //@Autowired(required=true) MOAMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_SELECTED); + + // get entityID for central ms-specific eIDAS node + String msNodeEntityID = Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + + + if (MiscUtil.isEmpty(msNodeEntityID)) { + Logger.info("E-ID authentication not possible -> NO EntityID for E-ID System FOUND!"); + throw new MOAIDException("NO EntityID for E-ID System FOUND", null); + + } + + //load metadata with metadataURL, as backup + String metadataURL = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Logger.warn("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + Logger.info("Initialize 'E-ID System' metadata-provider with URL:" + metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); + + } + + //load IDP SAML2 entitydescriptor + EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + Logger.error("Requested 'E-ID System' " + entityDesc + + " has no valid metadata or metadata is not found"); + throw new MOAIDException("Requested 'E-ID System' " + entityDesc + + " has no valid metadata or metadata is not found", null); + + } + + //setup AuthnRequestBuilder configuration + EIDAuthRequestBuilderConfiguration authnReqConfig = new EIDAuthRequestBuilderConfiguration(); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential()); + authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + + //build and transmit AuthnRequest + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); + + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_REQUESTED, + authnReqConfig.getRequestID()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (MetadataProviderException e) { + + throw new TaskExecutionException(pendingReq, + "Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED.", + new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'E-ID System'"},e )); + + } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e); + throw new TaskExecutionException(pendingReq, + e.getMessage(), + new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'E-ID System'"},e )); + + } catch (Exception e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'E-ID System' FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..6d8d85f34 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,286 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.tasks; + +import java.io.IOException; +import java.util.List; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.EIDAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("ReceiveEIDSystemAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private EIDAuthCredentialProvider credentialProvider; + @Autowired(required=true) EIDAuthMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EAAFURICompare comperator = null; + //select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_POST); + Logger.trace("Receive PVP Response from 'E-ID System', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_REDIRECT); + Logger.trace("Receive PVP Response from 'E-ID System', by using Redirect-Binding."); + + } else { + Logger.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, true, + comperator); + + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //validate response signature + if(!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + msg.setVerified(true); + + } + + //validate assertion + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); + + //validate entityId of response + String msNodeEntityID = Utils.getEIDSystemEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + Logger.warn("Response Issuer is not a 'E-ID System'. Stopping authentication via E-ID Proxy ..."); + throw new AuthnResponseValidationException("sp.pvp2.08", + new Object[] {EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + //initialize Attribute extractor + AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor((Response) processedMsg.getResponse()); + + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //write log entries + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EID_SERVICE_ATTRIBUTES_VALID); + Logger.info("Receive a valid assertion from E-ID System " + msg.getEntityID()); + + } catch (MessageDecodingException | SecurityException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID PVP Response from 'E-ID System': " + samlRequest, e); + throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", + new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'E-ID System'"}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, "Processing PVP response from 'E-ID System' FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'E-ID System'", e.getMessage()}, e)); + + } catch (CredentialsNotAvailableException e) { + Logger.error("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'E-ID System'"}, e)); + + } catch (AssertionValidationExeption | AuthnResponseValidationException e) { + Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'E-ID System'"}, e)); + + } catch (Exception e) { + Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'E-ID System'", e.getMessage()}, e)); + + } + + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{ + try { + //check if all attributes are include +// if (!extractor.containsAllRequiredAttributes() +// && !extractor.containsAllRequiredAttributes(EIDProxyAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) { +// Logger.warn("PVP Response from 'E-ID System' contains not all requested attributes."); +// throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING}); +// +// } + + //copy attributes into MOASession + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Set includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (String el : includedAttrNames) { + String value = extractor.getSingleAttributeValue(el); + session.setGenericDataToSession(el, value); + Logger.debug("Add PVP-attribute " + el + " into MOASession"); + + } + + //set foreigner flag + List eidIssuer = extractor.getAttributeValues(PVPConstants.EID_ISSUING_NATION_NAME); + if (eidIssuer != null && !eidIssuer.isEmpty() && MiscUtil.isNotEmpty(eidIssuer.get(0))) { + String cc = eidIssuer.get(0); + Logger.debug("Find Attr: '" + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME + "' with value: " + cc); + if (EAAFConstants.COUNTRYCODE_AUSTRIA.equals(cc)) + session.setForeigner(false); + else + session.setForeigner(true); + + } + + //set BKU URL + List ccsUrl = extractor.getAttributeValues(PVPConstants.EID_CCS_URL_NAME); + if (ccsUrl != null && !ccsUrl.isEmpty() && MiscUtil.isNotEmpty(ccsUrl.get(0))) + session.setBkuURL(ccsUrl.get(0)); + else if (extractor.getFullAssertion().getIssuer() != null && + StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) + session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue()); + else + session.setBkuURL("E-ID_Authentication"); + + +// } catch (AssertionValidationExeption e) { +// throw new BuildException("builder.06", null, e); + + } catch (EAAFStorageException e) { + throw new BuildException("builder.06", null, e); + + } + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + * @throws TransformerException + * @throws MarshallingException + * @throws IOException + * @throws CredentialsNotAvailableException + * @throws AssertionValidationExeption + * @throws AuthnResponseValidationException + */ + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + //validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, true, + credentialProvider.getIDPAssertionEncryptionCredential(), + pendingReq.getAuthURL() + EIDProxyAuthConstants.ENDPOINT_METADATA, + EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return msg; + + } else { + Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'E-ID System'."); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException("sp.pvp2.05", + new Object[]{EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java new file mode 100644 index 000000000..a9b886a85 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthCredentialProvider.java @@ -0,0 +1,124 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +/** + * @author tlenz + * + */ +@Service("EIDAuthCredentialProvider") +public class EIDAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired AuthConfiguration authConfig; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() + */ + @Override + public String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getRootConfigFileDir()); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword() + */ + @Override + public String getKeyStorePassword() { + return authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + EIDProxyAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName() + */ + @Override + public String getFriendlyName() { + return "E-ID Proxy authentication"; + } + +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java new file mode 100644 index 000000000..649cfa691 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/EIDAuthMetadataProvider.java @@ -0,0 +1,347 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils; + +import java.net.MalformedURLException; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +@Service("EIDAuthMetadataProvider") +public class EIDAuthMetadataProvider extends SimpleMetadataProvider + implements IDestroyableObject { + @Autowired(required=true) AuthConfiguration moaAuthConfig; + + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); + private Timer timer = null; + + + public EIDAuthMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); + + } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } + + public void destroy() { + fullyDestroy(); + + } + + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata() + */ + @Override + public boolean requireValidMetadata() { + return metadataProvider.requireValidMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) + */ + @Override + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() + */ + @Override + public MetadataFilter getMetadataFilter() { + return metadataProvider.getMetadataFilter(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter) + */ + @Override + public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException { + Logger.fatal("Set Metadata Filter is not implemented her!"); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() + */ + @Override + public XMLObject getMetadata() throws MetadataProviderException { + return metadataProvider.getMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String) + */ + @Override + public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { + return metadataProvider.getEntitiesDescriptor(name); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String) + */ + @Override + public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No metadata from centrial E-ID system " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + try { + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.error("E-ID Proxy Client ERROR: No EntityID with "+ entityID); + throw new MetadataProviderException("No EntityID with "+ entityID); + } + + return entityDesc; + + } catch (MetadataProviderException e) { + Logger.error("E-ID Proxy Client ERROR: Metadata extraction FAILED.", e); + throw new MetadataProviderException("Metadata extraction FAILED", e); + + } + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName) + */ + @Override + public List getRole(String entityID, QName roleName) throws MetadataProviderException { + try { + //search if metadata is already loaded + List role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No metadata from centrial E-ID system: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName); + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String) + */ + @Override + public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No metadata from centrial E-ID system: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access metadata from centrial E-ID system: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName, supportedProtocol); + } + + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect centrial E-ID system"); + + String trustProfileID = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID); + if (MiscUtil.isEmpty(trustProfileID)) { + Logger.error("Create E-ID proxy client FAILED: No trustProfileID to verify PVP metadata." ); + throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); + } + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + + //create metadata validation filter chain + MetadataFilterChain filter = new MetadataFilterChain(); + filter.addFilter(new SchemaValidationFilter(true)); + filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); + + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, + filter, + EIDProxyAuthConstants.MODULE_NAME_FOR_LOGGING, + timer, + new BasicParserPool(), + createHttpClient(metdataURL)); + + if (idpMetadataProvider == null) { + Logger.error("Create E-ID Proxy client FAILED."); + throw new MetadataProviderException("Can not initialize 'E-ID Proxy client' metadata provider."); + + } + + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("'E-ID Proxy client' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy() + */ + @Override + public void fullyDestroy() { + Logger.info("Destroy 'E-ID Proxy client' PVP metadata pool ... "); + + if (metadataProvider != null) { + metadataProvider.destroy(); + + } + + if (timer != null) + timer.cancel(); + + } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getBasicConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java new file mode 100644 index 000000000..cd578d373 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/utils/Utils.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.utils; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; + +public class Utils { + + public static String getEIDSystemEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) { + //load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_EID_SYSTEM_SERVICE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + Logger.debug("No SP-specific E-ID system URL. Switch to general configuration ... "); + if (authConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; + List configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_EID_SYSTEM_SERVICE_URL)); + + if (configuratedEntityIDs.size() > 0) + msNodeEntityID = configuratedEntityIDs.get(0); + else + Logger.info("No E-ID system URL in IDP configuration. Switch to backup configuration ... "); + + } else + Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() + + "' Switch to generic Type ... "); + + + if (StringUtils.isEmpty(msNodeEntityID)) + msNodeEntityID = authConfig.getBasicConfiguration(EIDProxyAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + + } + + return msNodeEntityID; + } +} diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml new file mode 100644 index 000000000..aee4ab403 --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/EID_connector_auth.process.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..7e511c22f --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eidproxyauth.EIDProxyAuthSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml new file mode 100644 index 000000000..93c70213d --- /dev/null +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/resources/moaid_EID_connector.beans.xml @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 2a401bb04..a1d6bb225 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { try { - Map metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + Map metadataToLoad = authConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); if (!metadataToLoad.isEmpty()) { Logger.info("Load static configurated eIDAS metadata ... "); for (String metaatalocation : metadataToLoad.values()) { @@ -441,14 +441,14 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - basicConfig.getBasicMOAIDConfigurationBoolean( + basicConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java index e878f8ab1..3e7dcbdfc 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveConsentForAddtionalAttributesTask.java @@ -86,7 +86,7 @@ public class ReceiveConsentForAddtionalAttributesTask extends AbstractAuthServle tokenServiceURL); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + authConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build request URL URIBuilder uriBuilderToken = new URIBuilder(tokenServiceURL); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index aa4dfbe60..f97267b3d 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -323,14 +323,14 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false), moaAuthConfig.getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, moaAuthConfig.isTrustmanagerrevoationchecking(), moaAuthConfig.getRevocationMethodOrder(), - moaAuthConfig.getBasicMOAIDConfigurationBoolean( + moaAuthConfig.getBasicConfigurationBoolean( AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 3408cf538..a0b759ced 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -97,7 +97,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { X509Certificate encCert = null; - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) encCert = joseTools.getEncryptionCertificate(); else Logger.info("eID data encryption is disabled by configuration"); @@ -120,7 +120,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { vdaQualeIDUrl); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + moaAuthConfig.getBasicConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build http POST request HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); @@ -211,7 +211,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) { String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); - Map endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + Map endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { endPointMap.putAll(KeyValueUtils.convertListToMap( KeyValueUtils.getListOfCSVValues( diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index fc386b796..1826f824d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -103,10 +103,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //validate signature VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( sl20ReqObj, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { Logger.info("SL20 result from VDA was not valid signed"); throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); @@ -133,7 +133,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( payLoad, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); + authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); //extract attributes from result Map eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 0c97641c7..468a91293 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -94,7 +94,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //TODO: add LoA verification } catch (MOAIDException e) { - if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { + if (authConfig.getBasicConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { Logger.warn("SL20 eID data validation IS DISABLED!!"); Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 7b82eb253..b43eb22f8 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -127,7 +127,7 @@ public class DummyAuthConfig implements AuthConfiguration { } @Override - public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + public Map getBasicConfigurationWithPrefix(String prefix) { // TODO Auto-generated method stub return null; } @@ -394,13 +394,6 @@ public class DummyAuthConfig implements AuthConfiguration { return null; } - @Override - public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { - // TODO Auto-generated method stub - return false; - } - - @Override public URI getConfigurationRootDirectory() { // TODO Auto-generated method stub @@ -425,4 +418,16 @@ public class DummyAuthConfig implements AuthConfiguration { return null; } + @Override + public Boolean getBasicConfigurationBoolean(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index efbfd8472..912ad5859 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,6 +28,7 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_VALUES; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; @@ -405,5 +406,17 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return null; } + @Override + public byte[] getEIDToken() { + // TODO Auto-generated method stub + return null; + } + + @Override + public EID_IDENTITY_STATUS_LEVEL_VALUES getEIDStatus() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 10ae63e17..fc8fb5955 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -54,6 +54,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDEIDTokenBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -393,6 +395,42 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } + try { + String onlineIDL = new EIDEIDTokenBuilder().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(onlineIDL)) { + Logger.trace("Adding Online-IDL: " + onlineIDL + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_E_ID_TOKEN_FRIENDLY_NAME, onlineIDL, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'Online-IDL' attribute. Reason: " + e.getMessage()); + + } + + try { + String eidStatusLevel = new EidIdentityStatusLevelAttributeBuiler().build( + oaParam, + authData, + new SimpleStringAttributeGenerator()); + if (MiscUtil.isNotEmpty(eidStatusLevel)) { + Logger.trace("Adding IdentityStatusLevel: " + eidStatusLevel + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_FRIENDLY_NAME, eidStatusLevel, + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + + } + } catch (AttributeBuilderException e) { + Logger.info("Can NOT build additional 'IdentityStatusLevel' attribute. Reason: " + e.getMessage()); + + } + //for mandates try { String additionalMandatorBpks = new MandateNaturalPersonBPKListAttributeBuilder().build( @@ -429,6 +467,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { Logger.info("Can NOT build foreign Mandator bPKs. Reason: " + e.getMessage()); } + + } diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 0718f9017..252d20000 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -18,9 +18,13 @@ - + + + MOA.id.server + moa-id-lib diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index a86090178..85dc122dd 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -35,8 +35,9 @@ moa-id-module-ssoTransfer moa-id-module-bkaMobilaAuthSAML2Test - moa-id-module-sl20_authentication + moa-id-module-sl20_authentication moa-id-module-AT_eIDAS_connector + moa-id-module-E-ID_connector diff --git a/pom.xml b/pom.xml index 772ab3f31..8e82eaee6 100644 --- a/pom.xml +++ b/pom.xml @@ -38,6 +38,8 @@ 2.6.6 1.4.6 2.1.2 + 2.3.1 + 1.1 5.3.6.Final 2.5.0 @@ -298,6 +300,18 @@ xmlsec ${xmlsec.version} + + + javax.xml.ws + jaxws-api + ${jaxws-api.version} + + + javax.jws + javax.jws-api + ${jws-api.version} + + com.google.guava @@ -582,13 +596,13 @@ ${moa-id-module-elga_mandate_client} - + MOA.id.server.modules moa-id-module-bkaMobilaAuthSAML2Test ${moa-id-version} - + MOA.id.server.modules moa-id-module-sl20_authentication ${moa-id-version} @@ -599,7 +613,14 @@ moa-id-module-AT_eIDAS_connector ${moa-id-version} - + + + MOA.id.server.modules + moa-id-module-EID_connector + ${moa-id-version} + + + MOA.id.server moa-id-commons -- cgit v1.2.3 From 4392bf1deba6ac8c6c28a48d896b0fb7a8757a34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Jun 2019 13:11:15 +0200 Subject: move useMandate into parent interface --- .../java/at/gv/egovernment/moa/id/data/IMOAAuthData.java | 1 - .../gv/egovernment/moa/id/data/MOAAuthenticationData.java | 13 ------------- 2 files changed, 14 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java index 1e42b1e1b..7a298220b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java @@ -41,7 +41,6 @@ public interface IMOAAuthData extends IEidAuthData{ String getBkuURL(); String getInterfederatedIDP(); boolean isInterfederatedSSOSession(); - boolean isUseMandate(); IMISMandate getMISMandate(); Element getMandate(); String getMandateReferenceValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java index 9b6de0f29..f79e80cd2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java @@ -62,7 +62,6 @@ public class MOAAuthenticationData extends EidAuthenticationData implements IMOA private List roles = null; private String pvpAttribute_OU = null; - private boolean useMandate = false; private IMISMandate mandate = null; private String mandateReferenceValue = null; @@ -160,18 +159,6 @@ public class MOAAuthenticationData extends EidAuthenticationData implements IMOA this.mandate = mandate; } - - @Override - public boolean isUseMandate() { - return useMandate; - } - - - public void setUseMandate(boolean useMandate) { - this.useMandate = useMandate; - } - - @Override public boolean isPublicAuthority() { return publicAuthority; -- cgit v1.2.3 From be9690f51d848930ef61c7eb4ecf05ea1dc7f2b7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2019 10:45:07 +0200 Subject: update AuthenticationDataBuilder to support Prof.Rep bPKs in E-ID Proxy mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 54 ++++++++++++++-------- .../data/SSOTransferAuthenticationData.java | 6 +++ 2 files changed, 42 insertions(+), 18 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 09d517f5a..d26f7b396 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -428,6 +428,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setMISMandate(misMandate); authData.setUseMandate(true); + //#################################################### + // set bPK and IdentityLink for Organwalter --> + // Organwalter has a special bPK is received from MIS + if (authData.isUseMandate() && session.isOW() && misMandate != null + && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { + //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! + authData.setBPK(misMandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); + + //set bPK and IdenityLink for all other + Logger.debug("User is an OW. Set original IDL into authdata ... "); + authData.setIdentityLink(session.getIdentityLink()); + + + + } + } catch (IOException e) { Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME + " FAILED.", e); @@ -471,24 +489,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } - //#################################################### - // set bPK and IdentityLink for Organwalter --> - // Organwalter has a special bPK is received from MIS - if (authData.isUseMandate() && session.isOW() && misMandate != null - && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { - //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! - authData.setBPK(misMandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - - //set bPK and IdenityLink for all other - Logger.debug("User is an OW. Set original IDL into authdata ... "); - authData.setIdentityLink(session.getIdentityLink()); - - - - } - + //################################################################### //set PVP role attribute (implemented for ISA 1.18 action) includedToGenericAuthData.remove(PVPConstants.ROLES_NAME); @@ -926,7 +927,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } } + @Override + protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { + boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + if (!bPKTypeMatch) { + Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... "); + if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) { + Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target"); + bPKTypeMatch = true; + + } else + Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed."); + + } + + return bPKTypeMatch; + } + @Override protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { throw new RuntimeException("This method is NOT supported by MOA-ID"); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 912ad5859..b22dfa3a7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -418,5 +418,11 @@ public class SSOTransferAuthenticationData implements IMOAAuthData { return null; } + @Override + public String getVdaEndPointUrl() { + // TODO Auto-generated method stub + return null; + } + } -- cgit v1.2.3 From ab96e8a88b7c3772ef73c9ecb61f988158a64903 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2019 10:46:13 +0200 Subject: add new status codes --- .../src/main/resources/resources/properties/id_messages_de.properties | 2 ++ .../resources/properties/protocol_response_statuscodes_de.properties | 3 +++ 2 files changed, 5 insertions(+) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index acce76689..fa7bc659e 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -124,6 +124,8 @@ builder.08=Authentication process could NOT completed. Reason: {0} builder.09=Can not build GUI component. Reason: {0} builder.10=Can not create or update SSO session. SSO NOT POSSIBLE builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation +builder.12=Can not build attribute: {0} +builder.13=No valid bPK received. Maybe there is a mismatch between ApplicationRegister and MOA-ID configuration service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index b878eadf3..5ecb242bd 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -93,6 +93,9 @@ builder.08=1008 builder.09=9103 builder.10=1009 builder.11=9102 +builder.12=1008 +builder.13=1008 + service.00=4300 service.03=4300 -- cgit v1.2.3 From d7b6e57eeb37ef02ceadfe51ca730bccbed939c6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2019 10:46:34 +0200 Subject: update third-party libs --- id/moa-spss-container/pom.xml | 8 +- id/readme_4.0.0.txt | 354 +++++++++++++++++++++++++++++++++++++++ id/server/auth-edu/pom.xml | 5 + id/server/idserverlib/pom.xml | 7 +- id/server/moa-id-commons/pom.xml | 2 +- pom.xml | 47 ++++-- 6 files changed, 395 insertions(+), 28 deletions(-) create mode 100644 id/readme_4.0.0.txt (limited to 'id/server/idserverlib') diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 1cd269367..992ace415 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -187,18 +187,16 @@ - javax.xml.bind - jaxb-api - + javax.xml.bind + jaxb-api + com.sun.xml.bind jaxb-impl - ${jaxb.version} com.sun.xml.bind jaxb-core - ${jaxb.version} 0.3 1.0.7 - 5.1.5.RELEASE - 2.1.5.RELEASE - 2.1.5.RELEASE + 5.1.7.RELEASE + 2.1.8.RELEASE + 2.1.8.RELEASE 2.22.0 - 2.3.0 - 27.0-jre + 2.3.1 + 2.3.0.1 + 27.1-jre 2.6.6 1.4.6 - 2.1.2 + 2.1.3 2.3.1 1.1 - 5.3.6.Final - 2.5.0 + 5.4.3.Final + 2.6.0 - 3.2.6 - 2.5.18 + 3.3.2 + 2.5.20 2.0.0 - 1.7.25 + 1.7.26 - 4.5.6 - 4.4.10 + 4.5.8 + 4.4.11 - 8.0.12 + 8.0.16 4.12 2.6 - 3.7 - 4.1 + 3.9 + 4.3 3.2.2 1.6 - 2.10 + 2.10.2 - 2.9.7 + 2.9.9 1.4 ${org.springframework.version} @@ -813,6 +814,16 @@ ${apache-cli-version} + + com.sun.xml.bind + jaxb-core + ${jaxb-core.version} + + + com.sun.xml.bind + jaxb-impl + ${jaxb.version} + org.easymock -- cgit v1.2.3 From 54f5d0ba499454bdb3890b38f9a5af67175b8354 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 12 Jun 2019 15:10:03 +0200 Subject: downgrade jedis to solve dependency problems --- id/server/idserverlib/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 703b2a8a5..c921dacf8 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -499,7 +499,6 @@ org.springframework.data spring-data-redis - ${org.springframework.data.spring-data-redis} @@ -510,7 +509,8 @@ redis.clients jedis - 3.0.1 + + 2.10.2 0.3 - 1.0.7 + 1.0.8 5.1.7.RELEASE 2.1.8.RELEASE 2.1.8.RELEASE -- cgit v1.2.3 From 9ac6dded6ec870f6d6ae03dbb43214ef2489e3c3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 5 Aug 2019 15:21:30 +0200 Subject: update paths to maven repos --- id/ConfigWebTool/pom.xml | 4 ++-- id/moa-id-webgui/pom.xml | 2 +- id/oa/pom.xml | 4 ++-- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 12 ++++++------ id/server/moa-id-jaxb_classes/pom.xml | 6 +++--- id/server/proxy/pom.xml | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index d3fbe9899..512b69a86 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -26,14 +26,14 @@ - local + moaid_local local file:${basedir}/../../repository shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ jboss diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index 718471e05..9a7b55379 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -20,7 +20,7 @@ shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 4c5d16571..c57f09a44 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -22,12 +22,12 @@ shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ IAIK Local iaik/libs - http://nexus.iaik.tugraz.at/nexus/content/repositories/iaik/ + https://apps.egiz.gv.at/maven/ diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index f662f11e3..01b73f48d 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -21,7 +21,7 @@ shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index f3705c1f7..2fca5d6d4 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -21,7 +21,7 @@ shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index ae70a6a7e..b12b2cb17 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -20,7 +20,7 @@ shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 86771932f..1841a66ee 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -18,15 +18,15 @@ - local + moaid_local local file:${basedir}/../../../repository - shibboleth.internet2.edu - Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ - + shibboleth.internet2.edu + Internet2 + https://apps.egiz.gv.at/shibboleth_nexus/ + hyberjaxb http://repository.highsource.org/maven2/releases/ @@ -43,7 +43,7 @@ egiz-commons - https://demo.egiz.gv.at/int-repo/ + https://apps.egiz.gv.at/maven/ true diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 1c1eb7121..324fe8af1 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -18,13 +18,13 @@ local - local + moaid_local file:${basedir}/../../../repository shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/nt/groups/public/ hyberjaxb @@ -42,7 +42,7 @@ egiz-commons - https://demo.egiz.gv.at/int-repo/ + https://apps.egiz.gv.at/maven/ true diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index a672df2f6..4a18f6b2e 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -13,7 +13,7 @@ shibboleth.internet2.edu Internet2 - https://build.shibboleth.net/nexus/content/groups/public/ + https://apps.egiz.gv.at/shibboleth_nexus/ -- cgit v1.2.3 From 00bdab2679d27e0b6db21fe97915211c7d771c52 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 5 Aug 2019 16:00:30 +0200 Subject: test profiles to switch between Java <=8 and Java > 8 --- id/server/idserverlib/pom.xml | 276 +++++++++++++++++++++++---------------- id/server/moa-id-commons/pom.xml | 42 +++--- pom.xml | 6 + 3 files changed, 197 insertions(+), 127 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index b12b2cb17..b576c7a87 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -529,90 +529,174 @@ + + + java8 + + [1.7,1.8] + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.0.1 + + + javax.annotation + javax.annotation-api + 1.3.1 + compile + + + + UTF-8 + UTF-8 + true + false + false + true + false + at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*;at.gv.egovernment.moa.id.client.* + + + pre + a + Preconditions: + + + post + a + Postconditions: + + + + http://docs.oracle.com/javase/7/docs/api/ + http://logging.apache.org/log4j/docs/api/ + + 1.7 + + + + generate-javadoc + package + + jar + + + + + + maven-surefire-plugin + ${surefire.version} + + 1 + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + + + java9 + + [1.9,1.99) + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.0.1 + + + javax.annotation + javax.annotation-api + 1.3.1 + compile + + + + UTF-8 + UTF-8 + true + false + false + true + false + at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*;at.gv.egovernment.moa.id.client.* + + + pre + a + Preconditions: + + + post + a + Postconditions: + + + + http://docs.oracle.com/javase/7/docs/api/ + http://logging.apache.org/log4j/docs/api/ + + 1.7 + + + + generate-javadoc + package + + jar + + + + --add-modules ALL-SYSTEM ${additionalparam} + --add-modules ALL-SYSTEM + + + + + + maven-surefire-plugin + ${surefire.version} + + 1 + --add-modules java.xml.bind + + + + org.apache.maven.surefire + surefire-junit47 + ${surefire.version} + + + + + + + + - - - - - org.apache.maven.plugins - maven-dependency-plugin - 2.8 - - - + + + org.apache.maven.plugins + maven-dependency-plugin + 2.8 + + + + - - org.apache.maven.plugins - maven-javadoc-plugin - 3.0.1 - - - javax.annotation - javax.annotation-api - 1.3.1 - compile - - - - UTF-8 - UTF-8 - true - false - false - true - false - at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*;at.gv.egovernment.moa.id.client.* - - - pre - a - Preconditions: - - - post - a - Postconditions: - - - - http://docs.oracle.com/javase/7/docs/api/ - http://logging.apache.org/log4j/docs/api/ - - 1.7 - - - - generate-javadoc - package - - jar - - - - --add-modules ALL-SYSTEM ${additionalparam} - --add-modules ALL-SYSTEM - - - - + org.apache.maven.plugins maven-compiler-plugin @@ -627,13 +711,6 @@ org.apache.maven.plugins maven-jar-plugin - @@ -642,29 +719,6 @@ - - - - maven-surefire-plugin - ${surefire.version} - - 1 - --add-modules java.xml.bind - - - - org.apache.maven.surefire - surefire-junit47 - ${surefire.version} - - - - - diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 1841a66ee..d4d0d0563 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -68,25 +68,35 @@ at.gv.util - egovutils - - - * - * - - + egovutils + + + * + * + + - - org.opensaml - opensaml - - - * - * - - + + org.opensaml + opensaml + + + * + * + + + + org.opensaml + openws + + + * + * + + + org.apache.httpcomponents diff --git a/pom.xml b/pom.xml index 260b35e3d..bef5c174e 100644 --- a/pom.xml +++ b/pom.xml @@ -37,6 +37,7 @@ 27.1-jre 2.6.6 + 1.5.6 1.4.6 2.1.3 2.3.1 @@ -302,6 +303,11 @@ xmltooling ${xmltooling.version} + + org.opensaml + openws + ${org.opensaml.openws.version} + org.apache.santuario xmlsec -- cgit v1.2.3 From e4fa532f93f10115e1f39c97cc96e5950a048884 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 11 Dec 2019 16:01:38 +0100 Subject: update to EAAF-Components 1.0.13.1 Enforce E-ID authentication based on Service-Provider configuration --- id/server/doc/handbook/protocol/protocol.html | 12 ++--- .../id/auth/modules/BKUSelectionModuleImpl.java | 3 +- .../modules/SingleSignOnConsentsModuleImpl.java | 3 +- .../pvp2x/metadata/MOAMetadataProvider.java | 6 +-- .../moa/id/commons/api/ConfigurationProvider.java | 4 +- .../moa/id/commons/utils/MOAIDMessageProvider.java | 6 +++ ...roviderSpecificGUIFormBuilderConfiguration.java | 3 +- .../DefaultGUIFormBuilderConfiguration.java | 7 +-- .../internal/DefaultCitizenCardAuthModuleImpl.java | 3 +- .../EidasCentralAuthModuleImpl.java | 3 +- .../eidproxyauth/EIDProxyAuthModuleImpl.java | 52 +++++++++++++--------- .../bkamobileauthtests/BKAMobileAuthModule.java | 3 +- ...strianAuthWitheID4UAuthenticationModulImpl.java | 29 +++--------- .../eidas/eIDASAuthenticationModulImpl.java | 3 +- .../engine/MOAeIDASChainingMetadataProvider.java | 6 +-- .../tasks/CollectAddtionalAttributesTask.java | 6 ++- .../elgamandates/ELGAMandatesAuthModuleImpl.java | 5 ++- .../oauth20/protocol/OAuth20BaseRequest.java | 3 +- .../sl20_auth/SL20AuthenticationModulImpl.java | 9 ++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 3 +- .../ssotransfer/SSOTransferAuthModuleImpl.java | 3 +- .../FederatedAuthenticationModuleImpl.java | 3 +- .../tasks/CreateAuthnRequestTask.java | 4 +- .../tasks/ReceiveAuthnResponseTask.java | 6 ++- pom.xml | 14 +++--- 25 files changed, 107 insertions(+), 92 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 2b3dbff98..dc55dda3b 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -123,12 +123,12 @@ Redirect Binding OpenID Connect Authentifizierungsrequest
(AuthCode-Request) - https://<host>:<port>/moa-id-auth/oauth3/auth + https://<host>:<port>/moa-id-auth/oauth2/auth OpenID Connect

AccessToken-Request

- https://<host>:<port>/moa-id-auth/oauth3/token + https://<host>:<port>/moa-id-auth/oauth2/token SAML 1 @@ -1320,8 +1320,8 @@ https://<host>:<port>/moa-id-auth/pvp2/metadata

3.2 Zugangspunkte

Zur Verwendung von OpenID Connect stellt das Modul MOA-ID-Auth zwei Zugangspunkte zur Kommunikation mit der Online-Applikation zur Verfügung. Diese Zugangspunkte bezeichnen die URLs unter welchen das Modul MOA-ID-Auth die entsprechenden OpenID Connect Nachrichten entgegennimmt.

    -
  • AuthCode-Request: https://<host>:<port>/moa-id-auth/oauth3/auth
    Unter dieser URL wird der Authn Request entgegengenommen. Dieser Request startet den Authentifizierungsvorgang an der Online-Applikation. Hier finden Sie Detailinformationen zum Request und zur Response.
    • -
  • AccessToken-Request: https://<host>:<port>/moa-id-auth/oauth3/token
    Unter dieser URL können nach erfolgreicher Authentifizierung die eigentlichen Authentifizierungsdaten am Modul MOA-ID-Auth abgeholt werden. Hier finden Sie Detailinformationen zum Request und zur Response.
    • +
  • AuthCode-Request: https://<host>:<port>/moa-id-auth/oauth2/auth
    Unter dieser URL wird der Authn Request entgegengenommen. Dieser Request startet den Authentifizierungsvorgang an der Online-Applikation. Hier finden Sie Detailinformationen zum Request und zur Response.
    • +
  • AccessToken-Request: https://<host>:<port>/moa-id-auth/oauth2/token
    Unter dieser URL können nach erfolgreicher Authentifizierung die eigentlichen Authentifizierungsdaten am Modul MOA-ID-Auth abgeholt werden. Hier finden Sie Detailinformationen zum Request und zur Response.

3.3 Beschreibung der Nachrichten

Dieser Abschnitt beschreibt die einzelnen OpenID Connect spezifischen Nachrichten, welche zwischen der Online-Applikation und dem Modul MOA-ID-Auth während eines Authentifizierungsvorgangs ausgetauscht werden. Hierbei wird auch auf das Sequenzdiagramm aus Abschnitt 3.1 Bezug genommen.

@@ -1376,7 +1376,7 @@ Folgende Parameter müssen mit dem AuthCode-Request mitgesendet werden, wobe

 

Nachfolgend ein Beispiel für einen OpenID Connect Authentifizierungsrequest an das Modul MOA-ID-Auth.

-
<form method="get" action="https://demo.egiz.gv.at/demoportal_moaid-2.0/oauth3/auth">
+
<form method="get" action="https://demo.egiz.gv.at/demoportal_moaid-2.0/oauth2/auth">
   <input type="hidden" value="code" name="response_type">
   <input type="hidden" value="https://demo.egiz.gv.at/demoportal-openID_demo" name="client_id">
   <input type="hidden" value="https://demo.egiz.gv.at/demoportal-openID_demo/securearea.action" name="redirect_uri">
@@ -1442,7 +1442,7 @@ Folgende Parameter müssen mit dem AuthCode-Request mitgesendet werden, wobe
 
 
 

 
Nachfolgend ein Beispiel für einen AccessToken Request

-
<form method="POST" action="https://demo.egiz.gv.at/demoportal_moaid-2.0/oauth3/token">
+
<form method="POST" action="https://demo.egiz.gv.at/demoportal_moaid-2.0/oauth2/token">
   <input type="hidden" value="authorization_code" name="grant_type">
   <input type="hidden" value="https://demo.egiz.gv.at/demoportal-openID_demo" name="client_id">
   <input type="hidden" value="https://demo.egiz.gv.at/demoportal-openID_demo/securearea.action" name="redirect_uri">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index bd183d906..6426e0e0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -50,7 +51,7 @@ public class BKUSelectionModuleImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		boolean performBKUSelection = false;
 		Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION);
 		if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index b624e13ef..e8ce0f9c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
@@ -46,7 +47,7 @@ public class SingleSignOnConsentsModuleImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION);
 		if (evaluationObj != null && evaluationObj instanceof Boolean) {
 			boolean evaluateSSOConsents = (boolean) evaluationObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index ff5379498..0be49a23e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -64,7 +64,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 		
 	@Override
 	protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
-		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId);
 		if (oaParam != null)
 			return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 		
@@ -78,7 +78,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 	
 	@Override
 	protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
-		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(entityId);
 		if (oaParam != null) {
 			String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);		
 			String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
@@ -117,7 +117,7 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 			while (oaInterator.hasNext()) {
 				Entry oaKeyPair = oaInterator.next();
 				
-				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
+				ISPConfiguration oaParam = moaAuthConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 					if (MiscUtil.isNotEmpty(metadataurl))
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
index 12b9517a6..2873b17ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
@@ -22,14 +22,14 @@
  */
 package at.gv.egovernment.moa.id.commons.api;
 
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 
 /**
  * @author tlenz
  *
  */
-public interface ConfigurationProvider extends IConfiguration{
+public interface ConfigurationProvider extends IConfigurationWithSP{
 
 	  /** 
 	   * The name of the system property which contains the file name of the 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
index f4143e434..f9b43c193 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
@@ -146,4 +146,10 @@ public String mapInternalErrorToExternalError(String intErrorCode) {
 	return extErrorCode;
 }
 
+@Override
+public String getMessageWithoutDefault(String messageId, Object[] parameters) {
+  return getMessage(messageId, parameters);
+  
+}
+
 }
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 6645b24bc..23b8dcd84 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -31,6 +31,7 @@ import java.util.Map.Entry;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.GroupDefinition;
 import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
@@ -116,7 +117,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	}
 	
 	@Override
-	protected final String getFromGroup() {
+	protected final GroupDefinition getFromGroup() {
 		return null;
 		
 	}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 7965f3c85..e14558d29 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import java.util.Map.Entry;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.GroupDefinition;
 import at.gv.egiz.eaaf.core.api.gui.IVelocityGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
 import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
@@ -78,7 +79,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameterWithOutEscaption(java.lang.String, java.lang.Object)
 	 */
 	@Override
-	public void putCustomParameterWithOutEscaption(String group, String key, Object value) {
+	public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) {
 		if (customParameters == null)
 			customParameters = new HashMap();
 		
@@ -89,7 +90,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameter(java.lang.String, java.lang.String)
 	 */
 	@Override
-	public void putCustomParameter(String group, String key, String value) {
+	public void putCustomParameter(GroupDefinition group, String key, String value) {
 		if (customParameters == null)
 			customParameters = new HashMap();
 		
@@ -143,7 +144,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	}
 
 	@Override
-	protected final String getFromGroup() {
+	protected final GroupDefinition getFromGroup() {
 		return null;
 		
 	}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index 1962d6c82..82fb42c32 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
 
 import org.apache.commons.lang3.StringUtils;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -18,7 +19,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
 	}
  
 	@Override
-	public String selectProcess(ExecutionContext context) {		
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {		
 		//select process if BKU is selected and it is no STORK authentication
 		
 		boolean performBKUSelection = false;
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
index 821a200c7..53b3f3e1a 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
@@ -29,6 +29,7 @@ import javax.annotation.PostConstruct;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -64,7 +65,7 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
 		if (paramObj != null ) {
 			if (paramObj instanceof String) {		
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java
index f4c27e047..85d9d0f76 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java
@@ -29,9 +29,11 @@ import javax.annotation.PostConstruct;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -66,27 +68,37 @@ public class EIDProxyAuthModuleImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
-		
-		if (authConfig.getBasicConfigurationBoolean(EIDProxyAuthConstants.CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT, false)) {
-			Serializable paramObj = context.get(EIDProxyAuthConstants.HTTP_PARAM_EIDPROXY_AUTH_SELECTION);
-			if (paramObj != null ) {
-				if (paramObj instanceof String) {		
-					String param = (String)paramObj;
-					if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
-						Logger.debug("Manually selected E-ID authentication process  ");
-						return AUTH_PROCESS_NAME;
-					}
-				}
-			}
-			
-			return null;
-
-		}
-
-		Logger.trace("Select E-ID authentication process ... ");		
-		return AUTH_PROCESS_NAME;		
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		
+	  if (Boolean.parseBoolean(
+          pendingReq.getServiceProviderConfiguration().getConfigurationValue(
+              MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, 
+              String.valueOf(false)))) {
+	    Logger.debug("SP: " + pendingReq.getSPEntityId() + " activates E-ID mode.");
+	    return AUTH_PROCESS_NAME;
+	    
+	  } else {	  
+  		if (authConfig.getBasicConfigurationBoolean(EIDProxyAuthConstants.CONFIG_PROPS_DISABLE_PROCESS_ENFORCEMENT, true)) {
+  		  Logger.trace("Disable E-ID enforcment is 'true' ");
+  			Serializable paramObj = context.get(EIDProxyAuthConstants.HTTP_PARAM_EIDPROXY_AUTH_SELECTION);
+  			if (paramObj != null ) {
+  				if (paramObj instanceof String) {		
+  					String param = (String)paramObj;
+  					if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
+  						Logger.debug("Manually selected E-ID authentication process  ");
+  						return AUTH_PROCESS_NAME;
+  					}
+  				}
+  			}
+  			
+  			return null;
+  
+  		} else {
+  		  Logger.trace("Select E-ID authentication process ... ");		
+  		  return AUTH_PROCESS_NAME;
+	    
+  		}
+	  }		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index b17f0c121..50f675c6e 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -29,6 +29,7 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
@@ -95,7 +96,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {		
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {		
 		String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID);
 		String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase());
 		String sl20VDATypeHeader = (String)  context.get("X-MOA-VDA".toLowerCase());				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
index 6efa55ac8..daaf6a0f5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/AustrianAuthWitheID4UAuthenticationModulImpl.java
@@ -23,17 +23,13 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas;
 
 
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
 import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
-import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -64,29 +60,14 @@ public class AustrianAuthWitheID4UAuthenticationModulImpl extends DefaultCitizen
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
-		String selectedProcessID = super.selectProcess(context);
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+		String selectedProcessID = super.selectProcess(context, pendingReq);
 		if (MiscUtil.isNotEmpty(selectedProcessID)) {
-			String pendingReqId = (String)context.get(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID);
-			
-			if (StringUtils.isEmpty(pendingReqId))
-				Logger.warn("Process execution context contains NO 'pendingReqId'. Looks very suspect!");
-			
-			else {
-				IRequest pendingReq;
-				try {
-					pendingReq = requestStore.getPendingRequest(pendingReqId);
-					if (pendingReq != null && pendingReq instanceof EIDASData) {
-						return "eID4UAttributCollectionAuthentication";
+		  if (pendingReq != null && pendingReq instanceof EIDASData) {
+		    return "eID4UAttributCollectionAuthentication";
 					
-					}
-					
-				} catch (PendingReqIdValidationException e) {
-					Logger.warn("Validation of PendingRequestId FAILED. Reason: " + e.getMessage());
-					
-				}
-				
 			}
+		  
 		}	
 		
 		return selectedProcessID;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index ec042949a..cf9a5cc60 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
 
 import org.apache.commons.lang3.StringUtils;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
@@ -52,7 +53,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		if (StringUtils.isNotBlank((String) context.get("ccc")) || 
 				StringUtils.isNotBlank((String) context.get("CCC"))) 
 			return "eIDASAuthentication";
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index a1d6bb225..e879fd95b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -32,7 +32,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.components.spring.api.IDestroyableObject;
 import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
 import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
@@ -52,7 +52,7 @@ import eu.eidas.auth.engine.AbstractProtocolEngine;
 public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, 
 	IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
 
-	@Autowired(required=true) IConfiguration basicConfig;
+	@Autowired(required=true) IConfigurationWithSP basicConfig;
 	
 	private Timer timer = null; 
 	
@@ -82,7 +82,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
 	
 	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
 		try {
-			Map metadataToLoad = authConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+			Map metadataToLoad = basicConfig.getBasicConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
 			if (!metadataToLoad.isEmpty()) {
 				Logger.info("Load static configurated eIDAS metadata ... ");			
 				for (String metaatalocation : metadataToLoad.values()) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
index ab4179981..3b976b99e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CollectAddtionalAttributesTask.java
@@ -12,6 +12,7 @@ import org.springframework.stereotype.Component;
 import com.google.common.collect.UnmodifiableIterator;
 
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -43,6 +44,7 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
 	@Autowired private OAuth20AuthAction openIDAuthAction; 
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	@Autowired(required=true) protected IConfigurationWithSP authConfigWithSp;
 	
 	@Override
 	public void execute(ExecutionContext context, HttpServletRequest httpReq, HttpServletResponse httpResp)
@@ -102,10 +104,10 @@ public class CollectAddtionalAttributesTask extends AbstractAuthServletTask {
 					
 					//generate fake OpenID_Connect request
 					OAuth20AuthRequest fakeOpenIDReq = new OAuth20AuthRequest();
-					fakeOpenIDReq.initialize(httpReq, authConfig);
+					fakeOpenIDReq.initialize(httpReq, authConfigWithSp);
 					fakeOpenIDReq.setSPEntityId(uniqueID);
 					fakeOpenIDReq.setModule(OAuth20Protocol.NAME);
-					fakeOpenIDReq.setOnlineApplicationConfiguration(authConfig.getServiceProviderConfiguration(uniqueID));
+					fakeOpenIDReq.setOnlineApplicationConfiguration(authConfigWithSp.getServiceProviderConfiguration(uniqueID));
 					fakeOpenIDReq.setScope("openId profile");
 										
 					//populate with SessionData
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index 0d460f293..a0aa45794 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -52,8 +53,8 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl
 	}
 	
 	@Override
-	public String selectProcess(ExecutionContext context) {
-		String selectedProcessID = super.selectProcess(context);
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+		String selectedProcessID = super.selectProcess(context, pendingReq);
 	
 		//check if BKU authentication is selected and ELGA-MandateService is configurated
 		if (MiscUtil.isNotEmpty(selectedProcessID)) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 9cceea7d5..8ef33381f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -32,6 +32,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
@@ -60,7 +61,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		return param;
 	}
 	
-	protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateParameters(final HttpServletRequest request, IConfigurationWithSP authConfig) throws OAuth20Exception {
 		
 		// moa id - load oa with client id!
 		try {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index 9c2d47ca7..9142210c8 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -29,7 +29,7 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
@@ -77,11 +77,8 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
-		ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG);
-//		if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters)
-//			spConfig = (IOAAuthParameters)spConfigObj;
-					
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+		ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();					
 		String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
 		String sl20VDATypeHeader = (String)  context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index a0b759ced..9c74a3cdb 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -55,6 +55,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 	@Autowired(required=true) private IJOSETools joseTools;
 	@Autowired private AuthConfiguration moaAuthConfig;
 	
+	
 	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
@@ -211,7 +212,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 			
 	private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) {		
 		String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);		
-		Map endPointMap = authConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+		Map endPointMap = moaAuthConfig.getBasicConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
 		if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
 			endPointMap.putAll(KeyValueUtils.convertListToMap(
 							KeyValueUtils.getListOfCSVValues(
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
index b9d08a20f..2d7e209ca 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.ssotransfer;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
@@ -53,7 +54,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {		
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {		
 		Object restoreSSOSessionObj = context.get("restoreSSOSession");
 		if (restoreSSOSessionObj != null && restoreSSOSessionObj instanceof String) {
 			boolean restoreSSOSession = (boolean) Boolean.parseBoolean((String)restoreSSOSessionObj);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 4068d2d99..e50836712 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.federatedauth;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -45,7 +46,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule {
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
-	public String selectProcess(ExecutionContext context) {
+	public String selectProcess(ExecutionContext context, IRequest pendingReq) {
 		//select interfederation authentication if PERFORM_INTERFEDERATION_AUTH flag is set
 		Object performfedAuthObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
 		if (performfedAuthObj != null && performfedAuthObj instanceof Boolean) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index d0d97e9e8..a798679d7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -36,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -64,6 +65,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ILoALevelMapper loaMapper; 
+	@Autowired(required=true) protected IConfigurationWithSP authConfigWithSp;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -82,7 +84,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 			
 			//load IDP configuration from MOA-ID Configuration
-			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
+			IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
 			//validate IDP
 			if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
 				Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 6b6d1a196..7dce22d81 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -42,6 +42,7 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
@@ -94,6 +95,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	@Autowired private AuthenticationDataBuilder authDataBuilder;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) protected IConfigurationWithSP authConfigWithSp;
 	
 	
 	/* (non-Javadoc)
@@ -150,7 +152,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//load IDP and SP configuration
-			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+			IOAAuthParameters idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
 			IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			
 			//check if response Entity is valid
@@ -224,7 +226,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			if (msg != null) {
 				IOAAuthParameters idpConfig = null;
 				try {					
-					idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+					idpConfig = authConfigWithSp.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
 					//remove federated IDP from SSO session if exists
 					ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
 					
diff --git a/pom.xml b/pom.xml
index f705d2e52..73432a4db 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,15 +26,15 @@
 
 			
 			0.3
-			1.0.8							
-			5.1.7.RELEASE
-			2.1.8.RELEASE
-			2.1.8.RELEASE
+			1.0.13.1							
+			5.2.2.RELEASE
+			2.2.3.RELEASE
+			2.2.3.RELEASE
 			2.22.0		
 			
 			2.3.1
 			2.3.0.1
-			27.1-jre
+			28.1-jre
 			
 			2.6.6 
 			1.5.6
@@ -46,8 +46,8 @@
 			5.4.3.Final
 			2.6.0 
 						
-			3.3.2			
-			2.5.20 
+			3.3.4			
+			2.5.22 
 			
 			2.0.0
 			
-- 
cgit v1.2.3


From 31e23d3cedeecf980e39b9637237cb8f3d01ad9f Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Wed, 11 Dec 2019 16:08:19 +0100
Subject: change version to 4.1.0

---
 id/ConfigWebTool/pom.xml                                       |  2 +-
 id/moa-id-webgui/pom.xml                                       |  2 +-
 id/moa-spss-container/pom.xml                                  |  2 +-
 id/oa/pom.xml                                                  |  2 +-
 id/pom.xml                                                     |  2 +-
 id/server/auth-edu/pom.xml                                     |  2 +-
 id/server/auth-final/pom.xml                                   |  2 +-
 id/server/idserverlib/pom.xml                                  |  2 +-
 id/server/moa-id-commons/pom.xml                               |  2 +-
 id/server/moa-id-frontend-resources/pom.xml                    |  2 +-
 id/server/moa-id-jaxb_classes/pom.xml                          |  2 +-
 id/server/moa-id-spring-initializer/pom.xml                    |  2 +-
 .../modules/moa-id-modul-citizencard_authentication/pom.xml    |  2 +-
 id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml     |  2 +-
 id/server/modules/moa-id-module-E-ID_connector/pom.xml         |  2 +-
 id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml |  2 +-
 id/server/modules/moa-id-module-eIDAS/pom.xml                  |  2 +-
 id/server/modules/moa-id-module-elga_mandate_service/pom.xml   |  2 +-
 id/server/modules/moa-id-module-openID/pom.xml                 |  2 +-
 id/server/modules/moa-id-module-sl20_authentication/pom.xml    |  2 +-
 id/server/modules/moa-id-module-ssoTransfer/pom.xml            |  2 +-
 .../modules/moa-id-modules-federated_authentication/pom.xml    |  2 +-
 id/server/modules/moa-id-modules-saml1/pom.xml                 |  2 +-
 id/server/modules/module-monitoring/pom.xml                    |  2 +-
 id/server/modules/pom.xml                                      |  2 +-
 id/server/pom.xml                                              |  2 +-
 pom.xml                                                        | 10 +++++-----
 27 files changed, 31 insertions(+), 31 deletions(-)

(limited to 'id/server/idserverlib')

diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 84e938440..aabda170f 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -3,7 +3,7 @@
     
         MOA
         id
-        4.0.1-snapshot
+        4.1.0
     
 
     4.0.0
diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml
index 9a7b55379..dc592c5d9 100644
--- a/id/moa-id-webgui/pom.xml
+++ b/id/moa-id-webgui/pom.xml
@@ -3,7 +3,7 @@
     
         MOA
         id
-        4.0.1-snapshot
+        4.1.0
     
   
   4.0.0
diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index e8f71321e..fb27ca174 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -3,7 +3,7 @@
   
     MOA
     id
-    4.0.1-snapshot
+    4.1.0
   
   MOA.id
   moa-spss-container
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index c57f09a44..29a37f2c4 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -4,7 +4,7 @@
     
   		MOA
     	id
-    	4.0.1-snapshot
+    	4.1.0
   	
     
     4.0.0
diff --git a/id/pom.xml b/id/pom.xml
index c9b13276e..66a9e02ab 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,7 +3,7 @@
     
         MOA
         MOA
-        4.0.1-snapshot
+        4.1.0
     
 
     4.0.0
diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 01b73f48d..d9e399552 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -2,7 +2,7 @@
 	
 		MOA.id
 		moa-id
-		4.0.1-snapshot
+		4.1.0
 	
 	
 	4.0.0
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 5e0e062f9..c957f6cd8 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -2,7 +2,7 @@
 	
 		MOA.id
 		moa-id
-		4.0.1-snapshot
+		4.1.0
 	
 	
 	4.0.0
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index b576c7a87..39f6068e4 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -4,7 +4,7 @@
 	
 		MOA.id
 		moa-id
-		4.0.1-snapshot
+		4.1.0
 	
 
 	MOA.id.server
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index d4d0d0563..dfcad9bc7 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -4,7 +4,7 @@
     
         MOA.id
         moa-id
-        4.0.1-snapshot
+        4.1.0
     
     moa-id-commons
     moa-id-commons
diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml
index 39a7b2e47..dcd4b3d75 100644
--- a/id/server/moa-id-frontend-resources/pom.xml
+++ b/id/server/moa-id-frontend-resources/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id
     moa-id
-    4.0.1-snapshot
+    4.1.0
   
   
   MOA.id.server
diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml
index 324fe8af1..1fb1998b3 100644
--- a/id/server/moa-id-jaxb_classes/pom.xml
+++ b/id/server/moa-id-jaxb_classes/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id
     moa-id
-    4.0.1-snapshot
+    4.1.0
   
   MOA.id.server
   moa-id-jaxb_classes
diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml
index 7e10ba2f6..994bab58f 100644
--- a/id/server/moa-id-spring-initializer/pom.xml
+++ b/id/server/moa-id-spring-initializer/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id
     moa-id
-    4.0.1-snapshot
+    4.1.0
   
   
   MOA.id.server
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
index 74e7a963c..6596312f3 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-modul-citizencard_authentication
   
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
index 2345d3bff..748b6a247 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
@@ -5,7 +5,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-AT_eIDAS_connector
   moa-id-module-AT_eIDAS_connector
diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml
index 48723c8be..d21654fd1 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml
+++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml
@@ -5,7 +5,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-EID_connector
   moa-id-module-E-ID_connector
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
index 882a2ad78..12c5e1319 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-bkaMobilaAuthSAML2Test
   BKA MobileAuth Test for SAML2 applications
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index 6f09fa4fb..4562f3239 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-eIDAS
   MOA-ID eIDAS Module
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
index 6068c8d3d..bdc83f686 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-elga_mandate_service
   ${moa-id-module-elga_mandate_client}
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml
index a501f555a..f74177cd4 100644
--- a/id/server/modules/moa-id-module-openID/pom.xml
+++ b/id/server/modules/moa-id-module-openID/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   
 	moa-id-module-openID
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index 9a1151f25..d41e221af 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -5,7 +5,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-sl20_authentication
   moa-id-module-sl20_authentication
diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
index bd945b0c9..68e984ef5 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml
+++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-module-ssoTransfer
   MOA-ID_SSO_Transfer_modul
diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml
index c3d8a970f..044eb5732 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml
+++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   moa-id-modules-federated_authentication
   PVP2 ServiceProvider implementation for federated authentication
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 66fe46900..9c27134d0 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -3,7 +3,7 @@
   
     MOA.id.server.modules
     moa-id-modules
-    4.0.1-snapshot
+    4.1.0
   
   
 	moa-id-module-saml1
diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml
index 99b5b091d..1be1574a5 100644
--- a/id/server/modules/module-monitoring/pom.xml
+++ b/id/server/modules/module-monitoring/pom.xml
@@ -5,7 +5,7 @@
 	
 		MOA.id.server.modules
 		moa-id-modules
-		4.0.1-snapshot
+		4.1.0
 	
 
 	moa-id-module-monitoring
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 80451c89a..72f568a8a 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -5,7 +5,7 @@
 	
 		MOA.id
 		moa-id
-		4.0.1-snapshot
+		4.1.0
 	
 
 	MOA.id.server.modules
diff --git a/id/server/pom.xml b/id/server/pom.xml
index b9dc9e33d..efda789b3 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,7 +4,7 @@
     
         MOA
         id
-        4.0.1-snapshot
+        4.1.0
     
 
     4.0.0
diff --git a/pom.xml b/pom.xml
index 73432a4db..e16484168 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
     MOA
     MOA
     pom
-    4.0.1-snapshot
+    4.1.0
     MOA
 
     
@@ -12,14 +12,14 @@
         UTF-8
 		
 						
-			4.0.1-snapshot
+			4.1.0
 			
-			4.0.1-snapshot			
-			4.0.1-snapshot			
+			4.1.0			
+			4.1.0			
 			
 			2.0.1
 			
-			3.0.1-snapshot
+			3.0.1
 			2.0.6
 			
 			1.3.2
-- 
cgit v1.2.3


From 38f60c2385cd47c320942fdc7c9eb158f0e320e0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Fri, 13 Dec 2019 08:54:02 +0100
Subject: add code for SEMPER eIDAS extensions

---
 .../pvp2x/validation/AuthnRequestValidator.java    |    6 +-
 .../moa-id-module-AT_eIDAS_connector/pom.xml       |   18 +
 .../EidasCentralAuthConstants.java                 |   19 +
 .../EidasCentralAuthMetadataConfiguration.java     |    2 +-
 .../EidasCentralAuthMetadataController.java        |   22 +-
 .../semper/AuthnRequestSemperProcessor.java        |  151 ++
 .../tasks/ReceiveAuthnResponseTask.java            |   24 +-
 .../moaid_eIDAS_central_node_auth.beans.xml        |    4 +
 .../semper/AuthnRequestSemperProcessorTest.java    |  348 ++++
 .../semper/DummyAuthConfigMap.java                 |  136 ++
 .../resources/SpringTest-context_basic_test.xml    |   20 +
 .../src/test/resources/data/pvp2_authn_1.xml       |   43 +
 .../src/test/resources/data/pvp2_authn_10.xml      |   33 +
 .../src/test/resources/data/pvp2_authn_2.xml       |   43 +
 .../src/test/resources/data/pvp2_authn_3.xml       |   40 +
 .../src/test/resources/data/pvp2_authn_4.xml       |   43 +
 .../src/test/resources/data/pvp2_authn_5.xml       |   44 +
 .../src/test/resources/data/pvp2_authn_6.xml       |   40 +
 .../src/test/resources/data/pvp2_authn_7.xml       |   44 +
 .../src/test/resources/data/pvp2_authn_8.xml       |   42 +
 .../src/test/resources/data/pvp2_authn_9.xml       |   35 +
 pom.xml                                            | 1810 ++++++++++----------
 22 files changed, 2038 insertions(+), 929 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessorTest.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml

(limited to 'id/server/idserverlib')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index 19f865325..5ed237948 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -13,7 +13,7 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
 import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
@@ -26,9 +26,9 @@ import at.gv.egovernment.moa.logging.Logger;
  *
  */
 @Service("MOAAuthnRequestValidator")
-public class AuthnRequestValidator implements IAuthnRequestValidator {
+public class AuthnRequestValidator implements IAuthnRequestPostProcessor {
 	
-	public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+	public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
 
 		//validate NameIDPolicy
 		NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
index 748b6a247..2ba496dd7 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
@@ -58,5 +58,23 @@
       	junit
       	test
     
+    
+      at.gv.egiz.eaaf
+      eaaf_core_utils
+      test
+      test-jar
+    
+    
+      at.gv.egiz.eaaf
+      eaaf-core
+      test
+      test-jar
+    
+    
+      org.hamcrest
+      hamcrest-library
+      1.3
+      test
+    
   
 
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 19950a078..96c78abb4 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -27,6 +27,7 @@ import java.util.Collections;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
@@ -60,6 +61,8 @@ public class EidasCentralAuthConstants {
 	public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
 	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
 	
+	public static final String CONFIG_PROPS_SEMPER_MANDATES_ACTIVE = CONFIG_PROPS_PREFIX + "semper.mandates.active";
+	public static final String CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST = CONFIG_PROPS_PREFIX + "semper.msproxy.list";
 	
 	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH;	
 	public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = 
@@ -81,6 +84,22 @@ public class EidasCentralAuthConstants {
 				}
 			});
 	
+	public static final List> DEFAULT_SEMPER_MANDATE_PVP_ATTRIBUTES = 
+      Collections.unmodifiableList(new ArrayList>() {
+        private static final long serialVersionUID = 1L;
+        {           
+          //request entity information
+          add(Pair.newInstance(PVPConstants.MANDATE_TYPE_NAME, false));
+          add(Pair.newInstance(PVPConstants.MANDATE_TYPE_OID_NAME, false));
+          
+          add(Pair.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, false));
+          add(Pair.newInstance(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, false));
+          add(Pair.newInstance(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, false));
+          
+                    
+        }
+      });
+	
 	public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = 
 			Collections.unmodifiableList(new ArrayList() {
 				private static final long serialVersionUID = 1L;
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
index aad1244f1..2bb384c74 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
@@ -334,7 +334,7 @@ public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilde
 	 * @param additionalAttr List of PVP attribute name and isRequired flag 
 	 */
 	public void setAdditionalRequiredAttributes(List> additionalAttr) {
-		if (additionalAttr != null) {
+		if (additionalAttr != null && !additionalAttr.isEmpty()) {
 			additionalAttributes = new ArrayList();
 			for (Pair el : additionalAttr) {
 				Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst());
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
index a6a7084f5..a0c1fa30b 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
@@ -109,9 +109,17 @@ public class EidasCentralAuthMetadataController extends AbstractController {
 	}
 
 	private List> getAdditonalRequiredAttributes() {
-		Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
-		if (addReqAttributes != null) {
-			List> result = new ArrayList>();
+	  List> result = new ArrayList>();
+	  
+	  //load SEMPER attributes if required
+	  if (authConfig.getBasicConfigurationBoolean(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+	    result.addAll(EidasCentralAuthConstants.DEFAULT_SEMPER_MANDATE_PVP_ATTRIBUTES);
+	      
+	  }
+	  
+	  //load attributes from configuration
+	  Map addReqAttributes = authConfig.getBasicConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);		
+		if (addReqAttributes != null) {			
 			for (String el : addReqAttributes.values()) {
 				if (MiscUtil.isNotEmpty(el)) {
 					Logger.trace("Parse additional attr. definition: " + el);
@@ -123,12 +131,12 @@ public class EidasCentralAuthMetadataController extends AbstractController {
 						Logger.info("IGNORE additional attr. definition: " + el
 								+ " Reason: Format not valid");
 				}				
-			}
-			
-			return result;
+			}			
 		}
 				
-		return null;
+		return result;
+				
+
 	}
 		
 }
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java
new file mode 100644
index 000000000..222ba812c
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/AuthnRequestSemperProcessor.java
@@ -0,0 +1,151 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class AuthnRequestSemperProcessor implements IAuthnRequestPostProcessor {
+    
+  @Autowired IConfiguration authConfig;
+  
+  @Override
+  public void process(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authReq,
+      SPSSODescriptor spSsoDescriptor) throws AuthnRequestValidatorException {    
+    if (authConfig.getBasicConfigurationBoolean(
+        EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false) 
+        && isSpAllowed(authReq)) { 
+      
+      Logger.debug("SEMPER mode detected. Starting SP-Info extraction from requested attributes ...");
+      extractRequestedAttributeInformation(authReq, pendingReq);
+                       
+    } else {
+      Logger.trace("Skip: " + AuthnRequestSemperProcessor.class.getSimpleName() + " because is's not active or not allowed");
+      
+    }
+
+  }
+  
+  private boolean isSpAllowed(AuthnRequest authReq) {
+    String csvOfAllowedProxies = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST);
+    List allowedProxies = KeyValueUtils.getListOfCSVValues(csvOfAllowedProxies);
+    Logger.trace("Validate SP-EntityId: " + authReq.getIssuer().getValue() 
+        + " with allowed MS-Proxies: [" + StringUtils.join(allowedProxies, ", ") + "]");    
+    return allowedProxies.contains(authReq.getIssuer().getValue());
+       
+  }
+
+
+  private void extractRequestedAttributeInformation(AuthnRequest authnReq, IRequest pendingReq) throws AuthnRequestValidatorException {
+    // validate and process requested attributes
+    boolean hasValidBpkTarget = false;
+    if (authnReq.getExtensions() != null) {
+      final List requestedAttributes = authnReq.getExtensions().getUnknownXMLObjects();
+      for (final XMLObject reqAttrObj : requestedAttributes) {
+        if (reqAttrObj instanceof EAAFRequestedAttributes) {
+          final EAAFRequestedAttributes reqAttr = (EAAFRequestedAttributes) reqAttrObj;
+          if (reqAttr.getAttributes() != null && reqAttr.getAttributes().size() != 0) {
+            for (final EAAFRequestedAttribute el : reqAttr.getAttributes()) {
+              Logger.trace("Processing req. attribute '" + el.getName() + "' ... ");           
+              if (el.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+                hasValidBpkTarget = extractBpkTarget(el, pendingReq);
+              
+              } else if (el.getName().equals(ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME )) {
+                extractMandateProfiles(el, pendingReq);
+                              
+              } else {
+                Logger.debug("Ignore req. attribute: " + el.getName());
+              }
+  
+            }
+  
+          } else {
+            Logger.debug("No requested Attributes in Authn. Request");
+          }
+  
+        } else {
+          Logger.info("Ignore unknown requested attribute: " + reqAttrObj.getElementQName().toString());
+        }
+  
+      }
+    }
+
+    if (!hasValidBpkTarget) {
+      Logger.info("Authn.Req validation FAILED. Reason: Contains NO or NO VALID target-sector information.");
+      throw new AuthnRequestValidatorException("pvp2.22", new Object[] {
+          "NO or NO VALID target-sector information" });
+
+    }
+    
+  }
+  
+  private void extractMandateProfiles(EAAFRequestedAttribute el, IRequest pendingReq) {
+    if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+      final String profiles = el.getAttributeValues().get(0).getDOM().getTextContent();
+      Map configProps = pendingReq.getServiceProviderConfiguration().getFullConfiguration();     
+      Logger.debug("Set MandateProfiles to: " + profiles);
+      configProps.put(
+          MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE,
+          String.valueOf(true));
+      configProps.put(
+          MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES,
+          profiles);        
+                  
+    } else {
+      Logger.info("Req. attribute '" + el.getName()
+          + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
+    }
+        
+  }
+
+
+  private boolean extractBpkTarget(final EAAFRequestedAttribute el, IRequest pendingReq) {
+    if (el.getAttributeValues() != null && el.getAttributeValues().size() == 1) {
+      final String sectorId = el.getAttributeValues().get(0).getDOM().getTextContent();                
+      Map configProps = pendingReq.getServiceProviderConfiguration().getFullConfiguration();                 
+      if (sectorId.startsWith(EAAFConstants.URN_PREFIX_EIDAS)) {
+        Logger.debug("Set eIDAS target to: " + sectorId);
+        configProps.put(
+            MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, 
+            MOAIDConstants.IDENIFICATIONTYPE_EIDAS);
+        configProps.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, 
+            sectorId.substring(EAAFConstants.URN_PREFIX_EIDAS.length()));                  
+        return true;  
+          
+      } else {
+        Logger.info("Requested sector: " + sectorId + " DOES NOT match to allowed sectors for SP: "
+            + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+        
+      }
+
+    } else {
+      Logger.info("Req. attribute '" + el.getName()
+          + "' contains NO or MORE THEN ONE attribute-values. Ignore full req. attribute");
+    }
+
+    return false;
+    
+  }
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index f3eaff11a..7f44c4deb 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks;
 
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
@@ -64,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -194,7 +196,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
 				
 			}
-			
+						
 			//copy attributes into MOASession
 			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			Set includedAttrNames = extractor.getAllIncludeAttributeNames();
@@ -207,12 +209,32 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 			//set foreigner flag
 			session.setForeigner(true);
+			
+			//set CCE URL
 			if (extractor.getFullAssertion().getIssuer() != null && 
 					StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
 				session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
 			else
 				session.setBkuURL("eIDAS_Authentication");
 			
+	     if (authConfig.getBasicConfigurationBoolean(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) {
+	        if (extractor.containsAttribute(PVPConstants.MANDATE_TYPE_NAME)) {
+	          Logger.trace("Check attributes in SEMPER eIDAS mode.");
+	          if (!extractor.containsAllRequiredAttributes(Arrays.asList(
+	              PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME,
+	              PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+	              PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME))) {
+	            Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all required attributes for eIDAS SEMPER process.");
+	            throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
+	            
+	          }
+	          
+	          Logger.info("SEMPER mode is active and mandates are found. Activing mandates for eIDAS login ... ");
+	          session.setUseMandates(true);
+	                    
+	        }                  
+	      }
+			
 												
 		} catch (AssertionValidationExeption e) {
 			throw new BuildException("builder.06", null, e);
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
index f57d4a94b..baf7e84b5 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
@@ -31,6 +31,10 @@
 	
 	
+    
+  
+  
 
 	 spConfig = new HashMap<>();
+    spConfig.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, 
+        "https://demo.egiz.gv.at/ms_connector/sp/metadata");
+    
+    pendingReq = new TestRequestImpl();
+    pendingReq.setAuthURL("https://localhost/ms_connector");
+    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setSpConfig(new OAAuthParameterDecorator(new SPConfigurationImpl(spConfig, configMap)));
+    
+  }
+  
+  @Test
+  public void semperModeNotSet() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+    configMap.removeConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE);    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void semperModeInactive() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+    configMap.putConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, "false");    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void allowedSPsNotSet() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+    configMap.removeConfigValue(EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_MS_PROXY_LIST);    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void nonValidSpEntityId() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    
+    pendingReq.getServiceProviderConfiguration().getFullConfiguration().put(
+        EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, 
+        "https://apps.egiz.gv.at/ms_connector/sp/metadata");
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());    
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());   
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void bPKTargetIsMissing_1() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void bPKTargetIsMissing_2() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_4.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void bPKTargetIsMissing_3() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_5.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void noRequestedAttributes() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_9.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void noSAML2ExtentsionElement() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_10.xml");
+    
+    try {
+      processor.process(httpReq, pendingReq, authReq , null);
+      Assert.fail("No bPK target not detected");
+      
+    } catch (AuthnRequestValidatorException e) {
+      Assert.assertEquals("ErrorMessage", "pvp2.22", e.getErrorId());
+      
+    }        
+  }
+  
+  @Test
+  public void validSpEntityIdNoMandateProfiles() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_6.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());    
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void validSpEntityIdNotValidMandateProfiles_1() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_7.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());    
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void validSpEntityIdNotValidMandateProfiles_2() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_8.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertFalse("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());    
+    Assert.assertNull("Mandate profiles", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    
+  }
+  
+  @Test
+  public void validSpEntityIdWithMandateProfiles() throws ParserConfigurationException, SAXException, IOException, UnmarshallingException, AuthnRequestValidatorException {
+        
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+    
+    processor.process(httpReq, pendingReq, authReq , null);
+    
+    ISPConfiguration spConfig = pendingReq.getServiceProviderConfiguration();
+    Assert.assertNotNull("SP config is null", spConfig);
+    org.springframework.util.Assert.isInstanceOf(OAAuthParameterDecorator.class, 
+        spConfig, "SP config is NOT of type MOA-ID SP Config");
+    
+    Assert.assertNotNull("SP target is null", spConfig.getAreaSpecificTargetIdentifier());
+    Assert.assertEquals("SP target not match",  "urn:publicid:gv.at:eidasid+AT+EE", spConfig.getAreaSpecificTargetIdentifier());
+    
+
+    Assert.assertTrue("UseMandates flag", ((OAAuthParameterDecorator)spConfig).isShowMandateCheckBox());
+    
+    Assert.assertNotNull("Mandate profiles are null", ((OAAuthParameterDecorator)spConfig).getMandateProfiles());    
+    Assert.assertEquals("Number of mandate profiles not match",  3, ((OAAuthParameterDecorator)spConfig).getMandateProfiles().size());
+    assertThat("Mandate profiles not match", ((OAAuthParameterDecorator)spConfig).getMandateProfiles(), 
+        contains("Einzelvertretungsbefugnis", "1.2.40.0.10.1.7.3.1.1", "ERsB"));
+    
+  }
+  
+  private AuthnRequest getAuthRequest(String resource) throws 
+      ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+   final Element authBlockDom =
+       DOMUtils.parseXmlValidating(AuthnRequestSemperProcessor.class.getResourceAsStream(resource));
+
+   final UnmarshallerFactory unmarshallerFactory =
+       org.opensaml.xml.Configuration.getUnmarshallerFactory();
+   final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDom);
+   return (AuthnRequest) unmarshaller.unmarshall(authBlockDom);
+
+}
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java
new file mode 100644
index 000000000..1cc51f2e0
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/DummyAuthConfigMap.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+  private Map config = new HashMap<>();
+  
+  public DummyAuthConfigMap() {
+    
+  }
+  
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param configIs Property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(configIs);
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+  /**
+   * Dummy Application-configuration.
+   *
+   * @param path Path to property based configuration
+   * @throws IOException In case of an configuration read error
+   */
+  public DummyAuthConfigMap(final String path) throws IOException {
+
+    final Properties props = new Properties();
+    props.load(this.getClass().getResourceAsStream(path));
+
+    config = KeyValueUtils.convertPropertiesToMap(props);
+
+  }
+
+
+  @Override
+  public String getBasicConfiguration(final String key) {
+    return config.get(key);
+
+  }
+
+  @Override
+  public String getBasicConfiguration(final String key, final String defaultValue) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return defaultValue;
+    } else {
+      return value;
+    }
+
+  }
+
+  @Override
+  public Boolean getBasicConfigurationBoolean(final String key) {
+    final String value = getBasicConfiguration(key);
+    if (StringUtils.isEmpty(value)) {
+      return false;
+    } else {
+      return Boolean.valueOf(value);
+    }
+  }
+
+  @Override
+  public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+    return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+  }
+
+  @Override
+  public Map getBasicConfigurationWithPrefix(final String prefix) {
+    return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+  }
+
+  @Override
+  public ISPConfiguration getServiceProviderConfiguration(final String uniqueID)
+      throws EAAFConfigurationException {
+    return null;
+  }
+
+  @Override
+  public  T getServiceProviderConfiguration(final String spIdentifier, final Class decorator)
+      throws EAAFConfigurationException {
+    return null;
+  }
+
+  @Override
+  public URI getConfigurationRootDirectory() {
+    return new java.io.File(".").toURI();
+
+  }
+
+  @Override
+  public String validateIDPURL(final URL authReqUrl) throws EAAFException {
+    return null;
+  }
+
+  public void putConfigValue(final String key, final String value) {
+    config.put(key, value);
+  }
+
+  public void removeConfigValue(final String key) {
+    config.remove(key);
+
+  }
+
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml
new file mode 100644
index 000000000..18900c27d
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/SpringTest-context_basic_test.xml
@@ -0,0 +1,20 @@
+
+
+
+  
+
+  
+
+  
+
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml
new file mode 100644
index 000000000..f6c6b26ee
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_1.xml
@@ -0,0 +1,43 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        urn:publicid:gv.at:eidasid+AT+EE
+      
+      
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml
new file mode 100644
index 000000000..1d52986fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_10.xml
@@ -0,0 +1,33 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml
new file mode 100644
index 000000000..c5b634539
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_2.xml
@@ -0,0 +1,43 @@
+
+
+  https://apps.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        urn:publicid:gv.at:eidasid+AT+EE
+      
+      
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml
new file mode 100644
index 000000000..d79caa0fe
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_3.xml
@@ -0,0 +1,40 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml
new file mode 100644
index 000000000..c04a97a7f
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_4.xml
@@ -0,0 +1,43 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        
+      
+      
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml
new file mode 100644
index 000000000..339514323
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_5.xml
@@ -0,0 +1,44 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        urn:publicid:gv.at:eidasid+AT+EE
+        urn:publicid:gv.at:eidasid+AT+XX
+      
+      
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml
new file mode 100644
index 000000000..8a046363c
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_6.xml
@@ -0,0 +1,40 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        urn:publicid:gv.at:eidasid+AT+EE
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml
new file mode 100644
index 000000000..502619e94
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_7.xml
@@ -0,0 +1,44 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        urn:publicid:gv.at:eidasid+AT+EE
+      
+      
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+        Einzelvertretungsbefugnis,1.2.40.0.10.1.7.3.1.1,ERsB
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml
new file mode 100644
index 000000000..ff667168a
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_8.xml
@@ -0,0 +1,42 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+    
+      
+        urn:publicid:gv.at:eidasid+AT+EE
+      
+      
+      
+    
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml
new file mode 100644
index 000000000..5506b2f31
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/resources/data/pvp2_authn_9.xml
@@ -0,0 +1,35 @@
+
+
+  https://demo.egiz.gv.at/ms_connector/sp/metadata
+  
+    
+      
+      
+      
+        
+          
+          
+            
+          
+        
+        
+        mOljEGj9lBXPvJbT3biANFlsYGLrKtcaoHTNDmjRuko=
+      
+    
+    ARMTDwMGYMJteX/wjLqtONtFoHWc34gd6KKkgxnWe17xrUns1gHo/wDnKhvyG6kNtUZgfrebbdNA5Z4XZC+wiGkeZggKXaPdxAKco9amauuwSwoK8C556bQFA0F7yEjhypZGZxCoEMhS+hDKN+r/Pgh5QxkTgYi5DJXK6tIYgewt41k1YOAtrhr/RbyqvlFLvdZig2Sr8eotsCfATmics6NXeHGJV2ajaFITmNZd09exAoe4oi0zk2DUOUc2611bPW+4wrAb4F0iB4sPGxngfKArdMeJ8Ybh4nnA0WncwwJ2WMVu4CF87cWQKU1VIIPTisJjSN5pFXnm6wMQQUZu1A==
+    
+      
+        MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt 1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc 2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy 4jpXrp77JXFRSDWddb0yePc=
+      
+    
+  
+  
+  
+  
+  
+    http://eidas.europa.eu/LoA/low
+  
+  
+    https://demo.egiz.gv.at/demoportal-openID_demo
+  
+
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index e16484168..f5bfb5746 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,923 +1,899 @@
-
-    4.0.0
-    MOA
-    MOA
-    pom
-    4.1.0
-    MOA
-
-    
-        ${basedir}/repository
-        UTF-8
-		
-						
-			4.1.0
-			
-			4.1.0			
-			4.1.0			
-			
-			2.0.1
-			
-			3.0.1
-			2.0.6
-			
-			1.3.2
-
-			
-			0.3
-			1.0.13.1							
-			5.2.2.RELEASE
-			2.2.3.RELEASE
-			2.2.3.RELEASE
-			2.22.0		
-			
-			2.3.1
-			2.3.0.1
-			28.1-jre
-			
-			2.6.6 
-			1.5.6
-			1.4.6
-			2.1.3
-			2.3.1
-			1.1
-			
-			5.4.3.Final
-			2.6.0 
-						
-			3.3.4			
-			2.5.22 
-			
-			2.0.0
-			
-			1.7.26						
-			
-			4.5.8
-			4.4.11
-			
-			
-			8.0.16
-						
-						
-			4.12			
-			2.6
-			3.9
-			4.3
-			3.2.2
-			1.6
-			2.10.2
-			
-			2.9.9
-	    	1.4
-	    	${org.springframework.version}
-	   
-    
-
-    
-        
-            default
-            
-                true
-                
-                    default
-                
-            
-            
-                id              
-            
-            
-                
-                    moaid_local
-                    local
-                    file:${basedir}/../../../repository
-                
-
-                
-                    egiz-shibboleth-mirror
-                    egiz-shibboleth-mirror
-                    https://apps.egiz.gv.at/shibboleth_nexus/
-                
-                
-                    jboss
-                    https://repository.jboss.org/nexus/content/repositories/central/
-                    
-                        true
-                    
-                
-                
-                    egiz-commons
-                    https://apps.egiz.gv.at/maven/
-                    
-                        true
-                    
-                
-                
-            
-        
-    
-    
-    
-    	
-    		
-    			
-    				maven-release-plugin
-    				2.5.1
-    			
-    		
-    	
-        
-
-        		
-                org.apache.maven.plugins
-                maven-surefire-plugin
-                ${surefire.version}
-                
-                	
-                		eu/stork/peps/test/simple/SimpleBaseTest.java
-                		eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
-                		eu/stork/peps/test/simple/StorkAttrQueryResponseTest.java
-                		eu/stork/peps/test/simple/StorkAuthRequestTest.java
-                		eu/stork/peps/test/simple/StorkLogoutRequestTest.java
-                		eu/stork/peps/test/simple/StorkLogoutResponseTest.java
-                		eu/stork/peps/test/simple/StorkNewResponseTest.java
-                		eu/stork/peps/test/simple/StorkResponseTest.java
-                		test/MOAIDTestCase.java
-                		test/at/gv/egovernment/moa/MOATestCase.java
-                		test/at/gv/egovernment/moa/id/UnitTestCase.java
-                		test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
-                		test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java
-                		test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
-                		test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
-                		test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
-                		test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
-                		test/at/gv/egovernment/moa/id/auth/invoke/IdentityLinkAssertionParserTest.java
-                		test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java
-                		test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
-                		test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
-                		test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
-                		test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
-                		test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
-                		test/at/gv/egovernment/moa/id/proxy/builder/SAMLArtifactBuilderTest.java
-                		test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
-                		test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
-                		test/at/gv/egovernment/moa/spss/SPSSTestCase.java
-                		test/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParserTest.java
-                		test/at/gv/egovernment/moa/spss/api/xmlbind/TransformParserTest.java
-                		test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParserTest.java
-                		test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParserTest.java
-                		test/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImplTest.java
-                		test/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfiguratorTest.java
-                		test/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvokerTest.java
-                		test/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactoryTest.java
-                		test/at/gv/egovernment/moa/spss/server/invoke/TransformationFactoryTest.java
-                		test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvokerTest.java
-                		test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvokerTest.java
-                		test/at/gv/egovernment/moa/spss/server/tools/CertToolTest.java
-                		test/at/gv/egovernment/moa/util/DOMUtilsTest.java
-                		test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
-                		test/at/gv/egovernment/moa/util/SSLUtilsTest.java
-                		test/at/gv/egovernment/moa/util/URLDecoderTest.java
-                		test/at/gv/egovernment/moa/util/URLEncoderTest.java
-                		test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
-                		test/at/gv/egovernment/moa/util/XPathUtilsTest.java
-                	
-                
-            
-            
-                org.apache.maven.plugins
-                maven-compiler-plugin
-                3.6.1
-                
-                    false
-                    true
-                    ${env.BUILD_EXECUTEABLE}
-                    ${env.BUILD_VERSION}
-                    ${project.build.sourceEncoding}
-                    1.8
-                    1.8
-                
-            
-            
-                org.apache.maven.plugins
-                maven-jar-plugin
-                3.1.2
-                
-                    
-                        
-                            true
-                        
-                    
-                
-            
-            
-                false
-                maven-assembly-plugin
-                 
-                2.2.2
-                
-                
-                    moa
-                    UTF-8
-                    
-                        id/assembly-auth-final.xml
-                        id/assembly-auth-edu.xml
-                        id/assembly-proxy.xml   
-                                              
-
-                    
-                
-            
-            
-            
-            	org.codehaus.mojo
-    			versions-maven-plugin
-    			2.7
-            
-            
-            		            
-
-            
-        
-        
-    
-
-    
-        
-            
-                org.apache.maven.plugins
-                maven-javadoc-plugin
-                
-                    test.*
-                    false
-                
-            
-        
-    
-
-    
-        
-
-					
-						org.apache.commons
-						commons-dbcp2
-						${org.apache.commons.commons.dbcp2}
-					
-			
-  				org.opensaml
-  				opensaml
-  				${opensaml.version}
-  			  		
-			
-				org.opensaml
-				xmltooling
-				${xmltooling.version}
-			
-			
-				org.opensaml
-				openws
-				${org.opensaml.openws.version}
-			
-			
-				org.apache.santuario
-				xmlsec
-				${xmlsec.version}
-			
-			
-			
-    			javax.xml.ws
-    			jaxws-api
-    			${jaxws-api.version}
-			
-			
-    			javax.jws
-    			javax.jws-api
-    			${jws-api.version}
-			
-			
-
-		
-			com.google.guava
-			guava
-			${guava.version}
-		
-
-    	
-        	org.apache.cxf
-        	cxf-rt-frontend-jaxws
-        	${cxf.version}
-    	
-    	
-        	org.apache.cxf
-        	cxf-rt-transports-http
-        	${cxf.version}
-    	
-
-				
-					commons-collections
-					commons-collections
-					${org.apache.commons.collections3.version}
-				
-
-		
-    		org.apache.commons
-    		commons-text
-    		${org.apache.commons-text.version}
-		
-
-        
-            org.apache.struts
-            struts2-core
-            ${struts.version}
-        
-        
-            org.apache.struts
-            struts2-json-plugin
-            ${struts.version}
-        
-
-        
-            at.gv.util
-            egovutils
-            ${egovutils.version}
-        
-
-    	
-    		at.gv.egiz.components
-    		egiz-spring-api
-    		${egiz-spring-api.version}
-    	
-
-        
-            org.slf4j
-            slf4j-api
-            ${slf4j.version}
-        
-        
-            org.slf4j
-            jcl-over-slf4j
-            ${slf4j.version}
-        
-        
-            org.slf4j
-            jul-to-slf4j
-            ${slf4j.version}
-        
-        
-						org.slf4j
-						slf4j-log4j12
-						${slf4j.version}
-				
-		 
-            
-                jaxen
-                jaxen
-                1.1.6
-            
-            
-                saxpath
-                saxpath
-                1.0-FCS
-                compile 
-            
-
- 						
-							org.apache.logging.log4j
-							log4j-core
-							2.5
-						            					
-            					
-    				
-    					org.apache.httpcomponents
-    					httpclient
-    					${httpclient.version}
-						            					
-            
-            
-    						org.apache.httpcomponents
-    						httpcore
-    						${httpcore.version}
-						
-            
-						
-							org.postgresql
-							postgresql
-							9.3-1102-jdbc41
-						
-
-            
-                javax.mail
-                mail
-                1.4.7
-            
-            
-                commons-fileupload
-                commons-fileupload
-                1.3.3
-            
-            
-               commons-httpclient
-               commons-httpclient
-               3.1
-                       
-            
-                dav4j
-                dav4j
-                0.1
-                compile
-            
-            
-                httpsclient
-                httpsclient
-                JSSE-1.0
-                compile
-            
-
-
-
-
-
-						
-							at.gv.egiz.eaaf
-  							eaaf_core_api
-  							${egiz.eaaf.version}
-						
-						
-	    					at.gv.egiz.eaaf
-	  						eaaf-core
-	  						${egiz.eaaf.version}
-	  					
-	  					
-							at.gv.egiz.eaaf
-  							eaaf-core
-  							test-jar
-  							${egiz.eaaf.version}
-  							test
-						
-	  					
-	  						at.gv.egiz.eaaf
-  							eaaf_module_pvp2_idp
-  							${egiz.eaaf.version}
-  						
-  						 
-							at.gv.egiz.eaaf
-  							eaaf_module_pvp2_sp
-  							${egiz.eaaf.version}
-						  							
-						
-        					at.gv.egiz.eaaf
-        					eaaf_module_pvp2_core
-        					${egiz.eaaf.version}
-        				
-        				
-        					at.gv.egiz.eaaf
-	  						eaaf_module_auth_sl20
-	  						${egiz.eaaf.version}
-        				  							
-  							
-  							
-      					
-							MOA.id.server
-							moa-id-spring-initializer
-							${moa-id-version}
-						
-
-						
-							MOA.id.server
-  						moa-id-frontend-resources
-  						${moa-id-version}
-						
-
-						
-							MOA.id
-							moa-spss-container
-  						${moa-id-version}
-  						pom
-						
-						
-						
-						
-            
-                MOA.id.server
-                moa-id-lib
-                ${moa-id-version}
-                compile
-            
-            
-            	MOA.id.server
-            	moa-id-commons
-            	${moa-id-version}
-              compile
-        		
-        		
-        		
-    					MOA.id.server
-    					moa-id-jaxb_classes
-    					${moa-id-version}
-    				
-        		
-        		
-  						MOA.id.server
-  						moa-id-lib
-  						${moa-id-version}
-  						test
-  						test-jar
-  					
-               		
-			
-				MOA.id.server.modules
-				moa-id-module-stork
-				${moa-id-version}
-			            
-			
-				MOA.id.server.modules
-				moa-id-module-monitoring
-				${moa-id-version}
-			
-			
-				MOA.id.server.modules
-				moa-id-module-saml1
-				${moa-id-version}
-			
-			
-				MOA.id.server.modules
-				moa-id-module-openID
-				${moa-id-version}
-			
-			
-				MOA.id.server.modules
-				moa-id-modul-citizencard_authentication
-				${moa-id-version}
-			
-			
-				MOA.id.server.modules
-				moa-id-module-eIDAS
-				${moa-id-version}
-			
-			
-				MOA.id.server.modules
-				moa-id-module-pvp2
-				${moa-id-version}
-			 
-			
-				MOA.id.server.modules
-				moa-id-modules-federated_authentication
-				${moa-id-version}
-			 
-
-			
-				MOA.id.server.modules
-    		moa-id-module-elga_mandate_service
-    		${moa-id-module-elga_mandate_client}
-			
-			   			                         
-      
-				MOA.id.server.modules
-				moa-id-module-bkaMobilaAuthSAML2Test
-				${moa-id-version}
-				
-			   			                         
-      
-				MOA.id.server.modules
-				moa-id-module-sl20_authentication
-				${moa-id-version}
-			
-			
-			
-				MOA.id.server.modules
-				moa-id-module-AT_eIDAS_connector
-				${moa-id-version}
-							   			                         
-			   
-      
-				MOA.id.server.modules
-				moa-id-module-EID_connector
-				${moa-id-version}
-			
-         
-         			                         
-             
-                MOA.id.server
-                moa-id-commons
-                ${moa-id-version}
-                test-jar
-                test
-            
-             
-            
-                junit
-                junit
-                ${junit.version}
-                test
-            
-            
-                commons-logging
-                commons-logging
-                1.2
-                compile
-            
-            
-            
-            	javax.servlet
-							javax.servlet-api
-							3.0.1 
-						provide                
-            
-             
-                javax.activation
-                activation
-                1.1.1	
-                compile
-            
-            
-                commons-discovery
-                commons-discovery
-                0.5	
-                compile
-            
-            
-            
-                iaik.prod
-                iaik_jce_full
-                5.52_moa
-            
-            
-            
-                iaik.prod
-                iaik_X509TrustManager
-                0.3.1
-                compile
-            
-            
-                iaik.prod
-                iaik_Pkcs11Provider
-                1.2.4
-                runtime
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                compile
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                win32
-                dll
-                runtime
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                linux
-                so
-                runtime
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                linux_x64
-                so
-                runtime
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                solaris_sparc
-                so
-                runtime
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                solaris_sparcv9
-                so
-                runtime
-            
-            
-                iaik.prod
-                iaik_Pkcs11Wrapper
-                1.2.17
-                 win64
-                dll
-                runtime
-            
-
-		
-			javax.xml.bind
-    		jaxb-api
-    		${jaxb.version}
-		
-            		
-            
-                xerces
-                xercesImpl
-                2.11.0
-                compile	
-            
-            
-            
-                xalan-bin-dist
-                xml-apis
-                2.11.0
-                runtime
-            
-            
-            
-                xalan-bin-dist
-                xalan
-                2.7.1
-                compile
-            
-            
-                xalan-bin-dist
-                serializer
-                2.7.1
-                runtime
-            
-            
-			
-				org.springframework
-				spring-webmvc
-				${org.springframework.version}
-			
-			
-			
-	        	org.springframework.data
-	        	spring-data-redis
-	        	${org.springframework.data.spring-data-redis}
-	    	
-			
-			
-            
-            
-                com.fasterxml.jackson.core
-                jackson-core
-                ${jackson-version}
-			
-			
-			
-                com.fasterxml.jackson.core
-                jackson-databind
-                ${jackson-version}
-            
-            
-                com.fasterxml.jackson.core
-                jackson-annotations
-                ${jackson-version}
-            
-			
-				commons-cli
-				commons-cli
-				${apache-cli-version}
-			
-			
-			
-				com.sun.xml.bind
-				jaxb-core
-				${jaxb-core.version}
-			
-			
-				com.sun.xml.bind
-				jaxb-impl
-				${jaxb.version}
-			
-
-			
-				org.easymock
-				easymock
-				test
-				3.5
-			
-			
-				org.unitils
-				unitils-core
-				3.4.6
-			
-			
-			
-    
+
+
+  4.0.0
+  MOA
+  MOA
+  pom
+  4.1.0
+  MOA
 
-    
-        
-            iaik.prod
-            iaik_Pkcs11Wrapper
-            win32
-            dll
-            runtime
-        
-        
-            iaik.prod
-            iaik_Pkcs11Wrapper
-            linux
-            so
-            runtime
-        
-        
-            iaik.prod
-            iaik_Pkcs11Wrapper
-            linux_x64
-            so
-            runtime
-        
-        
-            iaik.prod
-            iaik_Pkcs11Wrapper
-            solaris_sparc
-            so
-            runtime
-        
-        
-            iaik.prod
-            iaik_Pkcs11Wrapper
-            solaris_sparcv9
-            so
-            runtime
-        
-        
-            iaik.prod
-            iaik_Pkcs11Wrapper
-            win64
-            dll
-            runtime
-        
-        
-            commons-io
-            commons-io
-            ${org.apache.commons.io.version}
-        
+  
+    ${basedir}/repository
+    UTF-8
 
-    
+    
+    4.1.0
+
+    4.1.0
+    4.1.0
+
+    2.0.1
+
+    3.0.1
+    2.0.6
+
+    1.3.2
+
+    
+    0.3
+    1.0.13.2
+    5.2.2.RELEASE
+    2.2.3.RELEASE
+    2.2.3.RELEASE
+    2.22.0
+
+    2.3.1
+    2.3.0.1
+    28.1-jre
+
+    2.6.6 
+    1.5.6
+    1.4.6
+    2.1.3
+    2.3.1
+    1.1
+
+    5.4.3.Final
+    2.6.0
+
+    3.3.4
+    2.5.22 
+
+    2.0.0
 
-    
+    1.7.26
+
+    4.5.8
+    4.4.11
+
+    
+    8.0.16
+    
+
+    4.12
+    2.6
+    3.9
+    4.3
+    3.2.2
+    1.6
+    2.10.2
+
+    2.9.9
+    1.4
+    ${org.springframework.version}
+
+  
+
+  
+    
+      default
+      
+        true
+        
+          default
+        
+      
+      
+        id
+      
+      
         
-            MOA
-            MOA Dependencies
-            
-            default
-            file://${repositoryPath}
+          moaid_local
+          local
+          file:${basedir}/../../../repository
         
-    
+        
+        
+          egiz-shibboleth-mirror
+          egiz-shibboleth-mirror
+          https://apps.egiz.gv.at/shibboleth_nexus/
+        
+        
+          jboss
+          https://repository.jboss.org/nexus/content/repositories/central/
+          
+            true
+          
+        
+        
+          egiz-commons
+          https://apps.egiz.gv.at/maven/
+          
+            true
+          
+        
+
+      
+    
+  
+
+  
+    
+      
+        
+          maven-release-plugin
+          2.5.1
+        
+      
+    
+    
+      
+      
+        org.apache.maven.plugins
+        maven-surefire-plugin
+        ${surefire.version}
+        
+          
+            eu/stork/peps/test/simple/SimpleBaseTest.java
+            eu/stork/peps/test/simple/StorkAttrQueryRequestTest.java
+            eu/stork/peps/test/simple/StorkAttrQueryResponseTest.java
+            eu/stork/peps/test/simple/StorkAuthRequestTest.java
+            eu/stork/peps/test/simple/StorkLogoutRequestTest.java
+            eu/stork/peps/test/simple/StorkLogoutResponseTest.java
+            eu/stork/peps/test/simple/StorkNewResponseTest.java
+            eu/stork/peps/test/simple/StorkResponseTest.java
+            test/MOAIDTestCase.java
+            test/at/gv/egovernment/moa/MOATestCase.java
+            test/at/gv/egovernment/moa/id/UnitTestCase.java
+            test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
+            test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java
+            test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
+            test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
+            test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
+            test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
+            test/at/gv/egovernment/moa/id/auth/invoke/IdentityLinkAssertionParserTest.java
+            test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java
+            test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
+            test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+            test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
+            test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
+            test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
+            test/at/gv/egovernment/moa/id/proxy/builder/SAMLArtifactBuilderTest.java
+            test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
+            test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+            test/at/gv/egovernment/moa/spss/SPSSTestCase.java
+            test/at/gv/egovernment/moa/spss/api/xmlbind/CreateXMLSignatureRequestParserTest.java
+            test/at/gv/egovernment/moa/spss/api/xmlbind/TransformParserTest.java
+            test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParserTest.java
+            test/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureRequestParserTest.java
+            test/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImplTest.java
+            test/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfiguratorTest.java
+            test/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvokerTest.java
+            test/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactoryTest.java
+            test/at/gv/egovernment/moa/spss/server/invoke/TransformationFactoryTest.java
+            test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvokerTest.java
+            test/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvokerTest.java
+            test/at/gv/egovernment/moa/spss/server/tools/CertToolTest.java
+            test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+            test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+            test/at/gv/egovernment/moa/util/SSLUtilsTest.java
+            test/at/gv/egovernment/moa/util/URLDecoderTest.java
+            test/at/gv/egovernment/moa/util/URLEncoderTest.java
+            test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java
+            test/at/gv/egovernment/moa/util/XPathUtilsTest.java
+          
+        
+      
+      
+        org.apache.maven.plugins
+        maven-compiler-plugin
+        3.6.1
+        
+          false
+          true
+          ${env.BUILD_EXECUTEABLE}
+          ${env.BUILD_VERSION}
+          ${project.build.sourceEncoding}
+          1.8
+          1.8
+        
+      
+      
+        org.apache.maven.plugins
+        maven-jar-plugin
+        3.1.2
+        
+          
+            
+              true
+            
+          
+        
+      
+      
+        false
+        maven-assembly-plugin
+        
+        2.2.2
+        
+        
+          moa
+          UTF-8
+          
+            id/assembly-auth-final.xml
+            id/assembly-auth-edu.xml
+            id/assembly-proxy.xml
+
+            
+          
+        
+      
+
+      
+        org.codehaus.mojo
+        versions-maven-plugin
+        2.7
+      
+
+      
+      
+
+    
+
+  
+
+  
+    
+      
+        org.apache.maven.plugins
+        maven-javadoc-plugin
+        
+          test.*
+          false
+        
+      
+    
+  
+
+  
+    
+
+      
+        org.apache.commons
+        commons-dbcp2
+        ${org.apache.commons.commons.dbcp2}
+      
+      
+        org.opensaml
+        opensaml
+        ${opensaml.version}
+      
+      
+        org.opensaml
+        xmltooling
+        ${xmltooling.version}
+      
+      
+        org.opensaml
+        openws
+        ${org.opensaml.openws.version}
+      
+      
+        org.apache.santuario
+        xmlsec
+        ${xmlsec.version}
+      
+
+      
+        javax.xml.ws
+        jaxws-api
+        ${jaxws-api.version}
+      
+      
+        javax.jws
+        javax.jws-api
+        ${jws-api.version}
+      
+
+
+      
+        com.google.guava
+        guava
+        ${guava.version}
+      
+
+      
+        org.apache.cxf
+        cxf-rt-frontend-jaxws
+        ${cxf.version}
+      
+      
+        org.apache.cxf
+        cxf-rt-transports-http
+        ${cxf.version}
+      
+
+      
+        commons-collections
+        commons-collections
+        ${org.apache.commons.collections3.version}
+      
+
+      
+        org.apache.commons
+        commons-text
+        ${org.apache.commons-text.version}
+      
+
+      
+        org.apache.struts
+        struts2-core
+        ${struts.version}
+      
+      
+        org.apache.struts
+        struts2-json-plugin
+        ${struts.version}
+      
+
+      
+        at.gv.util
+        egovutils
+        ${egovutils.version}
+      
+
+      
+        at.gv.egiz.components
+        egiz-spring-api
+        ${egiz-spring-api.version}
+      
+
+      
+        org.slf4j
+        slf4j-api
+        ${slf4j.version}
+      
+      
+        org.slf4j
+        jcl-over-slf4j
+        ${slf4j.version}
+      
+      
+        org.slf4j
+        jul-to-slf4j
+        ${slf4j.version}
+      
+      
+        org.slf4j
+        slf4j-log4j12
+        ${slf4j.version}
+      
+
+      
+        jaxen
+        jaxen
+        1.1.6
+      
+      
+        saxpath
+        saxpath
+        1.0-FCS
+        compile
+      
+
+      
+        org.apache.logging.log4j
+        log4j-core
+        2.5
+      
+
+      
+        org.apache.httpcomponents
+        httpclient
+        ${httpclient.version}
+      
+
+      
+        org.apache.httpcomponents
+        httpcore
+        ${httpcore.version}
+      
+
+      
+        org.postgresql
+        postgresql
+        9.3-1102-jdbc41
+      
+
+      
+        javax.mail
+        mail
+        1.4.7
+      
+      
+        commons-fileupload
+        commons-fileupload
+        1.3.3
+      
+      
+        commons-httpclient
+        commons-httpclient
+        3.1
+      
+      
+        dav4j
+        dav4j
+        0.1
+        compile
+      
+      
+        httpsclient
+        httpsclient
+        JSSE-1.0
+        compile
+      
+      
+
+
+      
+
+      
+        at.gv.egiz.eaaf
+        eaaf_core_api
+        ${egiz.eaaf.version}
+      
+      
+        at.gv.egiz.eaaf
+        eaaf-core
+        ${egiz.eaaf.version}
+      
+      
+        at.gv.egiz.eaaf
+        eaaf-core
+        test-jar
+        ${egiz.eaaf.version}
+        test
+      
+      
+        at.gv.egiz.eaaf
+        eaaf_module_pvp2_idp
+        ${egiz.eaaf.version}
+      
+      
+        at.gv.egiz.eaaf
+        eaaf_module_pvp2_sp
+        ${egiz.eaaf.version}
+      
+      
+        at.gv.egiz.eaaf
+        eaaf_module_pvp2_core
+        ${egiz.eaaf.version}
+      
+      
+        at.gv.egiz.eaaf
+        eaaf_module_auth_sl20
+        ${egiz.eaaf.version}
+      
+      
+        at.gv.egiz.eaaf
+        eaaf_core_utils
+        ${egiz.eaaf.version}
+        test
+        test-jar
+      
+      
+        at.gv.egiz.eaaf
+        eaaf-core
+        ${egiz.eaaf.version}
+        test 
+        test-jar
+      
+
+
+      
+        MOA.id.server
+        moa-id-spring-initializer
+        ${moa-id-version}
+      
+
+      
+        MOA.id.server
+        moa-id-frontend-resources
+        ${moa-id-version}
+      
+
+      
+        MOA.id
+        moa-spss-container
+        ${moa-id-version}
+        pom
+      
+
+
+
+      
+        MOA.id.server
+        moa-id-lib
+        ${moa-id-version}
+        compile
+      
+      
+        MOA.id.server
+        moa-id-commons
+        ${moa-id-version}
+        compile
+      
+
+      
+        MOA.id.server
+        moa-id-jaxb_classes
+        ${moa-id-version}
+      
+
+      
+        MOA.id.server
+        moa-id-lib
+        ${moa-id-version}
+        test
+        test-jar
+      
+
+      
+        MOA.id.server.modules
+        moa-id-module-stork
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-module-monitoring
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-module-saml1
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-module-openID
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-modul-citizencard_authentication
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-module-eIDAS
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-module-pvp2
+        ${moa-id-version}
+      
+      
+        MOA.id.server.modules
+        moa-id-modules-federated_authentication
+        ${moa-id-version}
+      
+
+      
+        MOA.id.server.modules
+        moa-id-module-elga_mandate_service
+        ${moa-id-module-elga_mandate_client}
+      
+
+      
+        MOA.id.server.modules
+        moa-id-module-bkaMobilaAuthSAML2Test
+        ${moa-id-version}
+      
+
+      
+        MOA.id.server.modules
+        moa-id-module-sl20_authentication
+        ${moa-id-version}
+      
+
+      
+        MOA.id.server.modules
+        moa-id-module-AT_eIDAS_connector
+        ${moa-id-version}
+      
+
+      
+        MOA.id.server.modules
+        moa-id-module-EID_connector
+        ${moa-id-version}
+      
+
+
+      
+        MOA.id.server
+        moa-id-commons
+        ${moa-id-version}
+        test-jar
+        test
+      
+
+      
+        junit
+        junit
+        ${junit.version}
+        test
+      
+      
+        commons-logging
+        commons-logging
+        1.2
+        compile
+      
+
+      
+        javax.servlet
+        javax.servlet-api
+        3.0.1
+        provide
+      
+      
+        javax.activation
+        activation
+        1.1.1
+        compile
+      
+      
+        commons-discovery
+        commons-discovery
+        0.5
+        compile
+      
+      
+      
+        iaik.prod
+        iaik_jce_full
+        5.52_moa
+      
+
+      
+        iaik.prod
+        iaik_X509TrustManager
+        0.3.1
+        compile
+      
+      
+        iaik.prod
+        iaik_Pkcs11Provider
+        1.2.4
+        runtime
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        compile
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        win32
+        dll
+        runtime
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        linux
+        so
+        runtime
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        linux_x64
+        so
+        runtime
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        solaris_sparc
+        so
+        runtime
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        solaris_sparcv9
+        so
+        runtime
+      
+      
+        iaik.prod
+        iaik_Pkcs11Wrapper
+        1.2.17
+        win64
+        dll
+        runtime
+      
+
+      
+        javax.xml.bind
+        jaxb-api
+        ${jaxb.version}
+      
+
+      
+        xerces
+        xercesImpl
+        2.11.0
+        compile
+      
+      
+      
+        xalan-bin-dist
+        xml-apis
+        2.11.0
+        runtime
+      
+      
+      
+        xalan-bin-dist
+        xalan
+        2.7.1
+        compile
+      
+      
+        xalan-bin-dist
+        serializer
+        2.7.1
+        runtime
+      
+
+      
+        org.springframework
+        spring-webmvc
+        ${org.springframework.version}
+      
+
+      
+        org.springframework.data
+        spring-data-redis
+        ${org.springframework.data.spring-data-redis}
+      
+
+
+      
+      
+        com.fasterxml.jackson.core
+        jackson-core
+        ${jackson-version}
+      
+      
+      
+        com.fasterxml.jackson.core
+        jackson-databind
+        ${jackson-version}
+      
+      
+        com.fasterxml.jackson.core
+        jackson-annotations
+        ${jackson-version}
+      
+      
+        commons-cli
+        commons-cli
+        ${apache-cli-version}
+      
+
+      
+        com.sun.xml.bind
+        jaxb-core
+        ${jaxb-core.version}
+      
+      
+        com.sun.xml.bind
+        jaxb-impl
+        ${jaxb.version}
+      
+
+      
+        org.easymock
+        easymock
+        test
+        3.5
+      
+      
+        org.unitils
+        unitils-core
+        3.4.6
+      
+
+    
+  
+
+  
+    
+      iaik.prod
+      iaik_Pkcs11Wrapper
+      win32
+      dll
+      runtime
+    
+    
+      iaik.prod
+      iaik_Pkcs11Wrapper
+      linux
+      so
+      runtime
+    
+    
+      iaik.prod
+      iaik_Pkcs11Wrapper
+      linux_x64
+      so
+      runtime
+    
+    
+      iaik.prod
+      iaik_Pkcs11Wrapper
+      solaris_sparc
+      so
+      runtime
+    
+    
+      iaik.prod
+      iaik_Pkcs11Wrapper
+      solaris_sparcv9
+      so
+      runtime
+    
+    
+      iaik.prod
+      iaik_Pkcs11Wrapper
+      win64
+      dll
+      runtime
+    
+    
+      commons-io
+      commons-io
+      ${org.apache.commons.io.version}
+    
+
+  
+
+  
+    
+      MOA
+      MOA Dependencies
+      
+      default
+      file://${repositoryPath}
+    
+  
 
-- 
cgit v1.2.3


From ada57605a8127ee25cbb6c2999addf721ab17db1 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Fri, 13 Dec 2019 09:33:04 +0100
Subject: fix problem with old Redis library fix configuration GUI

---
 .../src/main/resources/applicationResources_de.properties           | 4 ++--
 .../src/main/resources/applicationResources_en.properties           | 4 ++--
 .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp         | 6 ++++--
 id/server/idserverlib/pom.xml                                       | 2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)

(limited to 'id/server/idserverlib')

diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 9155d7684..a52efa28d 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -264,8 +264,8 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
 
-webpages.oaconfig.general.neweid.header=E-ID Attribute 
-webpages.oaconfig.general.neweid.activate=Neue E-ID Attribute \u00FCbertragen
+webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode 
+webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren
 webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV)
 webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV)
 
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 7d242de01..0109c3b02 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -270,8 +270,8 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
 
-webpages.oaconfig.general.neweid.header=Austrian E-ID Attributes 
-webpages.oaconfig.general.neweid.activate=Add additional E-ID Attributes
+webpages.oaconfig.general.neweid.header=E-ID Proxy Mode
+webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode
 webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV)
 webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV)
 
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index db79cb7d7..dc093fc36 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -123,7 +123,8 @@
 								cssClass="checkbox">
 						
 						
-						
+							 -->
+
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 39f6068e4..02069517c 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -509,7 +509,7 @@ redis.clients jedis - 2.10.2 + 3.1.0 'false' flag --- .../moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 4fefaf17b..2c099abf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -98,6 +98,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; //authenticate pending-request + pendingReq.setNeedUserConsent(false); pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); -- cgit v1.2.3 From d34f9161257e803e13618749a7b78df333b0f937 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 9 Jan 2020 10:23:46 +0100 Subject: reactivate foreign-bPKs and additional bPKs in MOA-ID mode --- .../src/main/resources/applicationResources_de.properties | 2 ++ .../src/main/resources/applicationResources_en.properties | 2 ++ .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 13 +++++++------ .../moa/id/auth/builder/AuthenticationDataBuilder.java | 9 ++++----- 4 files changed, 15 insertions(+), 11 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index a52efa28d..3b053d665 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -266,6 +266,8 @@ webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren + +webpages.oaconfig.general.foreign.header=Weitere bPKs/fremd-bPKs im MOA-ID Mode webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) webpages.oaconfig.general.additionalbpks.sectors=Sektoren f\u00FCr weitere bPKs (CSV) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 0109c3b02..550a9df78 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -272,6 +272,8 @@ webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock webpages.oaconfig.general.neweid.header=E-ID Proxy Mode webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode + +webpages.oaconfig.general.foreign.header=Additional bPKs/foreign-bPKs in case of MOA-ID mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) webpages.oaconfig.general.additionalbpks.sectors=Sectors for additional pseudonyms (CSV) diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index dc093fc36..ef62ef0e6 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -113,7 +113,7 @@ -
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %>

- - - -
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index d26f7b396..085874e77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -538,7 +538,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(oaParam, authData); - + + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); if (Boolean.parseBoolean( oaParam.getConfigurationValue( @@ -546,10 +548,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); - //build additional bPKs - Logger.debug("Search for additional bPKs"); - generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); - + //build additional bPKs Logger.debug("Clearing identitylink ... "); authData.setIdentityLink(null); -- cgit v1.2.3 From 70262ef097d022fa2c8cb8f7f95362b52e394b8c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 15 Jan 2020 14:20:13 +0100 Subject: fix possible error in E-ID Proxy mode --- .../id/auth/builder/AuthenticationDataBuilder.java | 36 ++++++++++++++-------- 1 file changed, 24 insertions(+), 12 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 085874e77..6a01bd1fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -912,18 +912,30 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder private void generateAdditonalbPK(MOAAuthenticationData authData, List additionalbPKSectorsRequested) throws EAAFBuilderException { if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); - for (String sector : additionalbPKSectorsRequested) { - Logger.trace("Process sector: " + sector + " ... "); - Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( - authData.getIdentificationValue(), - authData.getIdentificationType(), - sector); - - Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); - authData.addAdditionalbPKPair(bpk); - - } + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + try { + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + + } catch (Exception e) { + Logger.warn("Can NOT generate additional bPKs. Reason: " + e.getMessage()); + + if (Logger.isDebugEnabled()) { + Logger.warn("StackTrace: ", e); + + } + + } } } @Override -- cgit v1.2.3 From be1c69d66fdf98658a3183e346401be9ad4d4cc3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 20 Jan 2020 14:58:29 +0100 Subject: update maven repository --- id/moa-spss-container/pom.xml | 415 ++++++++++----------- .../id/auth/builder/AuthenticationDataBuilder.java | 41 +- 2 files changed, 242 insertions(+), 214 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index fb27ca174..75f8d1d35 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -1,4 +1,7 @@ - + + 4.0.0 MOA @@ -9,226 +12,216 @@ moa-spss-container MOA-SPSS-Container-for-MOA-ID This module holds MOA-SPSS and all required library - + - ${basedir}/../../repository - - + ${basedir}/../../repository + + - - MOA - MOA Dependencies - - true - ignore - - default - file://${repositoryPath} - + + MOA + MOA Dependencies + + true + ignore + + default + file://${repositoryPath} + + + MOA_web + MOA Dependencies weblocation + + true + ignore + + default + https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository + - + - - - org.apache.maven.plugins + + + org.apache.maven.plugins maven-compiler-plugin - - ${basedir}/../../repository/MOA/spss/ext_libs/*.jar - - + + ${basedir}/../../repository/MOA/spss/ext_libs/*.jar + + - - + + - + - - MOA.spss.server - moa-sig-lib - 3.1.2 - - - commons-logging - commons-logging - - - * - axis - - - - - - - - MOA.spss - common - 3.1.2 - - - MOA.spss - tsl_lib - 2.0.2 - - - iaik.prod - iaik_cms - 5.1 - - - iaik.prod - iaik_cpades - 2.5.1_moa - - - iaik.prod - iaik_cpxlevel - 0.9_moa - - - iaik.prod - iaik_eccelerate - 5.01 - - - - iaik.prod - iaik_eccelerate_addon - 5.01 - - - - iaik.prod - iaik_eccelerate_cms - 5.01 - - - iaik.prod - iaik_jce_full - - - - iaik.prod - iaik_jsse - 4.4 - - - iaik.prod + + MOA.spss.server + moa-sig-lib + 3.1.2 + + + commons-logging + commons-logging + + + * + axis + + + + + + + + MOA.spss + common + 3.1.2 + + + MOA.spss + tsl_lib + 2.0.2 + + + iaik.prod + iaik_cms + 5.1 + + + iaik.prod + iaik_cpades + 2.5.1_moa + + + iaik.prod + iaik_cpxlevel + 0.9_moa + + + iaik.prod + iaik_eccelerate + 5.01 + + + + iaik.prod + iaik_eccelerate_addon + 5.01 + + + + iaik.prod + iaik_eccelerate_cms + 5.01 + + + iaik.prod + iaik_jce_full + + + + iaik.prod + iaik_jsse + 4.4 + + + iaik.prod iaik_moa 2.06 - - - iaik.prod - iaik_pki_module - 2.01_moa - - - iaik.prod - iaik_sva - 1.0.2_moa - - - iaik.prod - iaik_tsp - 2.32_eval - - - iaik.prod - iaik_util - 0.23 - - - iaik.prod - iaik_xades - 2.13_moa - - - iaik.prod - iaik_xsect - 2.13_moa - - - - - - - javax.mail - mail - - - junit - junit - - - org.postgresql - postgresql - - - - iaik.prod - iaik_Pkcs11Provider - runtime - - - iaik.prod - iaik_Pkcs11Wrapper - runtime - - - iaik.prod - iaik_Pkcs11Wrapper - win32 - dll - runtime - true - - - - - javax.xml.bind - jaxb-api - - - com.sun.xml.bind - jaxb-impl - - - com.sun.xml.bind - jaxb-core - - - - - - + + + iaik.prod + iaik_pki_module + 2.01_moa + + + iaik.prod + iaik_sva + 1.0.2_moa + + + iaik.prod + iaik_tsp + 2.32_eval + + + iaik.prod + iaik_util + 0.23 + + + iaik.prod + iaik_xades + 2.13_moa + + + iaik.prod + iaik_xsect + 2.13_moa + + + + + + + javax.mail + mail + + + junit + junit + + + org.postgresql + postgresql + + + + iaik.prod + iaik_Pkcs11Provider + runtime + + + iaik.prod + iaik_Pkcs11Wrapper + runtime + + + iaik.prod + iaik_Pkcs11Wrapper + win32 + dll + runtime + true + + + + + javax.xml.bind + jaxb-api + + + com.sun.xml.bind + jaxb-impl + + + com.sun.xml.bind + jaxb-core + + + + + + - + \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 6a01bd1fb..cdb0dae98 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -558,6 +558,10 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder Logger.info("Post-Processing for Austrian eID finished"); } + + injectNewEidAttributes(authData, session); + + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator copyInterator = includedToGenericAuthData.iterator(); @@ -582,7 +586,33 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - /** + private void injectNewEidAttributes(MOAAuthenticationData authData, IAuthenticationSession session) { + try { + String onlineIdl = session.getGenericDataFromSession(PVPConstants.EID_E_ID_TOKEN_NAME, String.class); + if (StringUtils.isNoneEmpty(onlineIdl)) { + authData.seteIDToken(Base64Utils.decode(onlineIdl, true)); + } + + } catch (IOException e) { + Logger.warn("Attribute: " + PVPConstants.EID_E_ID_TOKEN_NAME + " found, but injection failed: " + e.getMessage()); + + } + +// try { +// String eidStatusLevel = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, String.class); +// if (StringUtils.isNotEmpty(eidStatusLevel)) { +// authData.setEidStatus(PVPConstants.EID_IDENTITY_STATUS_LEVEL_VALUES.); +// } +// } catch (Exception e) { +// Logger.warn("Attribute: " + PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME + " found, but injection failed: " + e.getMessage()); +// +// } + + } + + + + /** * @param authData * @param notValidbPK * @param notValidbPKType @@ -894,7 +924,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } catch (Exception e) { - Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e); + Logger.info("Foreign bPK generation FAILED for sector: " + foreignSector); + if (Logger.isDebugEnabled()) { + Logger.warn("Details: ", e); + + } + } @@ -928,7 +963,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } catch (Exception e) { - Logger.warn("Can NOT generate additional bPKs. Reason: " + e.getMessage()); + Logger.info("Can NOT generate additional bPKs. Reason: " + e.getMessage()); if (Logger.isDebugEnabled()) { Logger.warn("StackTrace: ", e); -- cgit v1.2.3 From 9ec3da77a6ed558e23fc5b476b672e66e8a3248b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 28 Jan 2020 10:36:46 +0100 Subject: fix wrong default configuration parameter that skips BKU selection --- .../conf/moa-id/SLTemplates/template_handyBKU.html | 33 +++++ .../conf/moa-id/SLTemplates/template_localBKU.html | 25 ++++ .../conf/moa-id/SLTemplates/template_thirdBKU.html | 32 ++++ .../deploy/conf/moa-id/eIDAS/EncryptModule.xml | 40 +++++ .../deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml | 98 +++++++++++++ .../data/deploy/conf/moa-id/eIDAS/SignModule.xml | 48 ++++++ .../deploy/conf/moa-id/eIDAS/encryptionConf.xml | 14 ++ .../data/deploy/conf/moa-id/moa-id.properties | 1 + .../transforms/TransformsInfoAuthBlockTable_DE.xml | 161 +++++++++++++++++++++ .../TransformsInfoAuthBlockTable_DE_2.0.xml | 7 + .../TransformsInfoAuthBlockTable_DE_3.0.xml | 7 + .../transforms/TransformsInfoAuthBlockTable_EN.xml | 161 +++++++++++++++++++++ .../id/auth/modules/BKUSelectionModuleImpl.java | 2 +- .../PropertyBasedAuthConfigurationProvider.java | 2 +- 14 files changed, 629 insertions(+), 2 deletions(-) create mode 100644 id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html create mode 100644 id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html create mode 100644 id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml create mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml (limited to 'id/server/idserverlib') diff --git a/id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html b/id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html new file mode 100644 index 000000000..e62921efa --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html @@ -0,0 +1,33 @@ + + + + + + + + +
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + + + + + + + + + + + + + +
+ +
+ + +
+
+
+ + \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html b/id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html new file mode 100644 index 000000000..80d33ff85 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html @@ -0,0 +1,25 @@ + + + + + + + + +
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + + + + +
+ +
+ + +
+ +
+
+ + diff --git a/id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html b/id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html new file mode 100644 index 000000000..928c9f17b --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html @@ -0,0 +1,32 @@ + + + + + + + + +
+ Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: + + + + + + + + + + + + +
+ +
+ + +
+
+
+ + diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml new file mode 100644 index 000000000..46052053a --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml @@ -0,0 +1,40 @@ + + + + + SWModule encrypt with JKS. + + false + false + false + + + http://www.w3.org/2009/xmlenc11#aes256-gcm + + + + http://www.w3.org/2009/xmlenc11#aes128-gcm; + http://www.w3.org/2009/xmlenc11#aes256-gcm; + http://www.w3.org/2009/xmlenc11#aes192-gcm + + + + http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p + + keys/eidasKeyStore.jks + JKS + local-demo + local-demo + + + eIDAS/encryptionConf.xml + + CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE + 54C8F779 + + + CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE + 54C8F779 + + + \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml new file mode 100644 index 000000000..2327fb0d8 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml @@ -0,0 +1,98 @@ + + + + + SAML constants for AuthnRequests and Responses. + + + unspecified + + obtained + + + entity + + + + HTTP-POST + + false + false + false + + + true + + + false + + + http://S-PEPS.gov.xx + + + http://C-PEPS.gov.xx + + + 300 + + + false + + + true + + + http://www.stork.gov.eu/1.0/eIdentifier + http://www.stork.gov.eu/1.0/givenName + http://www.stork.gov.eu/1.0/surname + http://www.stork.gov.eu/1.0/inheritedFamilyName + http://www.stork.gov.eu/1.0/adoptedFamilyName + http://www.stork.gov.eu/1.0/gender + http://www.stork.gov.eu/1.0/dateOfBirth + http://www.stork.gov.eu/1.0/countryCodeOfBirth + http://www.stork.gov.eu/1.0/nationalityCode + http://www.stork.gov.eu/1.0/maritalStatus + http://www.stork.gov.eu/1.0/textResidenceAddress + http://www.stork.gov.eu/1.0/canonicalResidenceAddress + http://www.stork.gov.eu/1.0/eMail + http://www.stork.gov.eu/1.0/title + http://www.stork.gov.eu/1.0/residencePermit + http://www.stork.gov.eu/1.0/pseudonym + http://www.stork.gov.eu/1.0/age + http://www.stork.gov.eu/1.0/isAgeOver + http://www.stork.gov.eu/1.0/signedDoc + http://www.stork.gov.eu/1.0/citizenQAALevel + http://www.stork.gov.eu/1.0/fiscalNumber + http://www.stork.gov.eu/1.0/unknown + + + + http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName + http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName + http://eidas.europa.eu/attributes/naturalperson/DateOfBirth + http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier + http://eidas.europa.eu/attributes/naturalperson/BirthName + http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth + http://eidas.europa.eu/attributes/naturalperson/CurrentAddress + http://eidas.europa.eu/attributes/naturalperson/Gender + + http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier + http://eidas.europa.eu/attributes/legalperson/LegalAddress + http://eidas.europa.eu/attributes/legalperson/LegalName + http://eidas.europa.eu/attributes/legalperson/VATRegistration + http://eidas.europa.eu/attributes/legalperson/TaxReference + http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier + http://eidas.europa.eu/attributes/legalperson/LEI + http://eidas.europa.eu/attributes/legalperson/EORI + http://eidas.europa.eu/attributes/legalperson/SEED + http://eidas.europa.eu/attributes/legalperson/SIC + + \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml new file mode 100644 index 000000000..bf7215cb5 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml @@ -0,0 +1,48 @@ + + + + + SWModule sign with JKS. + false + false + + + + + + http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + + + + http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; + http://www.w3.org/2001/04/xmldsig-more#rsa-sha384; + http://www.w3.org/2001/04/xmldsig-more#rsa-sha512; + http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512; + http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1; + http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1 + + + + true + + + keys/eidasKeyStore_Service_CB.jks + JKS + local-demo + local-demo + CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB + 54C8F839 + + + + keys/eidasKeyStore_METADATA.jks + JKS + local-demo + local-demo + CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE + 561BC0C8 + + diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml new file mode 100644 index 000000000..ff8307f10 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml @@ -0,0 +1,14 @@ + + + + false + + false + + false + + false + + false + + \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 926f6153b..beeab5375 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -17,6 +17,7 @@ protocols.pvp2.schemavalidation=true configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl +general.moaidmode.active=true #configuration.ssl.validation.hostname=false #configuration.validate.authblock.targetfriendlyname=true< diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml new file mode 100644 index 000000000..1165d8b32 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml @@ -0,0 +1,161 @@ + + + + + + + + + Signatur der Anmeldedaten + + + +

Anmeldedaten:

+

Daten zur Person

+ + + + + + + + + + + + + + + + + + + + + + + + + +
Name: + +
Geburtsdatum: + + . + + . + +
Rolle: + +
Vollmacht: + Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde. +
+

Daten zur Anwendung

+ + + + + + + + + +
Name: + +
Staat:Österreich
+

Technische Parameter

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
URL: + +
Bereich: + +
+ Vollmachten-Referenz: + +
+ : + +
Identifikator: + + +
OID: + +
HPI: + +
Datum: + + . + + . + +
Uhrzeit: + + : + + : + +
+ + + + + + + + + application/xhtml+xml + + diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml new file mode 100644 index 000000000..e225ca6e0 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml @@ -0,0 +1,7 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Name:
Geburtsdatum:..
Rolle:
Vollmacht:Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Name:
Staat:Österreich

Technische Parameter

URL:
Bereich:
+ Vollmachten-Referenz:
:
Identifikator:
OID:
HPI:
SessionTokken:
Datum:..
Uhrzeit:::
application/xhtml+xml \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml new file mode 100644 index 000000000..6afe1f36b --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml @@ -0,0 +1,7 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Name:
Geburtsdatum:..
Rolle:
Vollmacht:Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Name:
Staat:Österreich (Test)Österreich (Test)BelgienSchweizTschechienEstlandSpanienFrankreichGriechenlandIslandItalienLitauenLuxemburgNiederlandePortugalSchwedenSlowenienSlowakeiTürkeiVereinigtes KönigreichAuslandÖsterreich

Technische Parameter

URL:
Bereich:
+ Vollmachten-Referenz:
:
Identifikator:
OID:
HPI:
SessionTokken:
Datum:..
Uhrzeit:::
application/xhtml+xml diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml new file mode 100644 index 000000000..e220b8f82 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml @@ -0,0 +1,161 @@ + + + + + + + + + Signing the authentication data + + + +

Authentication Data:

+

Personal Data

+ + + + + + + + + + + + + + + + + + + + + + + + + +
Name: + +
Date of Birth: + + . + + . + +
Role: + +
Mandate: + I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate. +
+

Application Data

+ + + + + + + + + +
Name: + +
Country:Austria
+

Technical Parameters

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
URL: + +
Sector: + +
+ Mandate Reference: + +
+ : + +
Identifier: + + +
OID: + +
HPI: + +
Date: + + . + + . + +
Time: + + : + + : + +
+ + + + + + + + + application/xhtml+xml + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 6426e0e0c..8fba069cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -58,7 +58,7 @@ public class BKUSelectionModuleImpl implements AuthModule { performBKUSelection = (boolean) performBKUSelectionObj; if (performBKUSelection && configuration != null - && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, false)) + && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, true)) return "BKUSelectionProcess"; else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index eae7aae9d..f299e0e94 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -235,7 +235,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide allowedProtcols.setPVP21Active( configuration.getBooleanValue( MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true) - && getBasicConfigurationBoolean(PROP_MOAID_MODE, false)); + && getBasicConfigurationBoolean(PROP_MOAID_MODE, true)); return allowedProtcols; -- cgit v1.2.3 From 7c361d450a97b9d79a1da90961fd727d2808f9c8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Feb 2020 13:22:40 +0100 Subject: inject mandate-profiles into eIDAS MS-Connector request in case of SEMPER mode --- .../EidSpMandateProfilesAttributeBuilder.java | 50 ++++++++++++++++++++++ .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../tasks/CreateAuthnRequestTask.java | 22 +++++++++- 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java new file mode 100644 index 000000000..c6eb74dd6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.protocols.builder.attributes; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; + +public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder { + private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class); + + @Override + public T build(final ISPConfiguration oaParam, final IAuthData authData, final IAttributeGenerator g) + throws AttributeBuilderException { + if (oaParam instanceof IOAAuthParameters && ((IOAAuthParameters) oaParam).isShowMandateCheckBox()) { + return g.buildStringAttribute(getFriendlyName(), getName(), + StringUtils.join( + ((IOAAuthParameters) oaParam).getMandateProfiles(), ",")); + + } else { + log.info("{} is only available in AuthHandler context", getFriendlyName()); + + } + throw new UnavailableAttributeException(getName()); + + } + + @Override + public T buildEmpty(final IAttributeGenerator g) { + return g.buildEmptyAttribute(getFriendlyName(), getName()); + + } + + @Override + public String getName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME; + } + + private String getFriendlyName() { + return ExtendedPVPAttributeDefinitions.SP_USESMANDATES_FRIENDLY_NAME; + } + +} diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index a10b9b3e0..408066bf2 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -23,3 +23,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder +at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilders diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java index c1229e3ff..d3a2d2840 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -29,6 +29,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.EntityDescriptor; @@ -38,6 +39,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; @@ -55,6 +57,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentral import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -168,15 +171,30 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { private List buildRequestedAttributes() { List attributs = new ArrayList(); + OAAuthParameterDecorator spConfig = + pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class); + //build EID sector for identification attribute Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple( attr , true, - pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + spConfig.getAreaSpecificTargetIdentifier()); attributs.add(reqAttr ); - //TODO: add mandate information if mandates are used!!!! + //build MandateProfileAttribute if SEMPER is enabled and mandates are requested + if (spConfig.isShowMandateCheckBox() + && authConfig.getBasicConfigurationBoolean( + EidasCentralAuthConstants.CONFIG_PROPS_SEMPER_MANDATES_ACTIVE, false)) { + Logger.debug("SEMPER mode is active. Inject MandateProfiles into eIDAS MS-Connector request"); + final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute( + ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME); + final EAAFRequestedAttribute mandateProfilesReqAttr = SAML2Utils.generateReqAuthnAttributeSimple( + attrMandateProfiles, true, + StringUtils.join(spConfig.getMandateProfiles(), ",")); + attributs.add(mandateProfilesReqAttr); + + } return attributs; } -- cgit v1.2.3 From 830e1912e44e666c6853c9fedefcb032637bd0d9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Feb 2020 13:46:10 +0100 Subject: separate between E-ID Proxy-Mode and Demo-Mode --- .../moa/id/configuration/data/oa/OATargetConfiguration.java | 13 +++++++++++-- .../src/main/resources/applicationResources_de.properties | 5 +++-- .../src/main/resources/applicationResources_en.properties | 5 +++-- .../src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp | 11 +++++++++-- .../moa/id/auth/builder/AuthenticationDataBuilder.java | 12 ++++++++++-- .../moa/id/config/auth/OAAuthParameterDecorator.java | 6 +++++- .../moa/id/commons/config/ConfigurationMigrationUtils.java | 10 ++++++++++ .../moa/id/commons/config/MOAIDConfigurationConstants.java | 1 + .../commons/db/dao/config/deprecated/OnlineApplication.java | 13 ++++++++++++- .../auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java | 2 +- .../moa/id/protocols/saml1/SAML1AuthenticationServer.java | 6 +++++- 11 files changed, 70 insertions(+), 14 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index b2671302c..84516c73f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -61,6 +61,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { private String foreignbPKTargets = null; private String additionalbPKTargets = null; private boolean eidDemoActive = false; + private boolean eidProxyActive = false; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); @@ -187,7 +188,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { //parse 'Austrian eID mode' flag eidDemoActive = dbOA.getIseIDDemoModeActive(); - + eidProxyActive = dbOA.getIseIDProxyModeActive(); return null; } @@ -301,6 +302,7 @@ public class OATargetConfiguration implements IOnlineApplicationData { dbOA.setForeignbPKTargetList(getForeignbPKTargets()); dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets()); dbOA.setIseIDDemoModeActive(isEidDemoActive()); + dbOA.setIseIDProxyModeActive(isEidProxyActive()); return null; } @@ -490,7 +492,14 @@ public class OATargetConfiguration implements IOnlineApplicationData { this.eidDemoActive = eidDemoActive; } - + public boolean isEidProxyActive() { + return eidProxyActive; + } + + + public void setEidProxyActive(boolean eidProxyActive) { + this.eidProxyActive = eidProxyActive; + } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 3b053d665..2ef63a529 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -264,8 +264,9 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden -webpages.oaconfig.general.neweid.header=E-ID Proxy-Mode -webpages.oaconfig.general.neweid.activate=E-ID Proxy-Mode aktivieren +webpages.oaconfig.general.neweid.header=E-ID Mode +webpages.oaconfig.general.neweid.proxy.activate=E-ID Proxy-Mode aktivieren +webpages.oaconfig.general.neweid.demo.activate=E-ID Demo-Mode aktivieren webpages.oaconfig.general.foreign.header=Weitere bPKs/fremd-bPKs im MOA-ID Mode webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 550a9df78..6d0a89a64 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -270,8 +270,9 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock -webpages.oaconfig.general.neweid.header=E-ID Proxy Mode -webpages.oaconfig.general.neweid.activate=Activate E-ID Proxy Mode +webpages.oaconfig.general.neweid.header=E-ID Mode +webpages.oaconfig.general.neweid.proxy.activate=Activate E-ID Proxy Mode +webpages.oaconfig.general.neweid.demo.activate=Activate E-ID Demo Mode webpages.oaconfig.general.foreign.header=Additional bPKs/foreign-bPKs in case of MOA-ID mode webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index 6bccd7d48..1f7adea01 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -116,12 +116,19 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.neweid.header", request) %>

+ + + - +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cdb0dae98..3a826ed13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -222,7 +222,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setIseIDNewDemoMode(Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))); + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))); if (authData.isIseIDNewDemoMode()) { Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); @@ -545,7 +549,11 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); //build additional bPKs diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java index ab2a07f7c..e76acfad5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java @@ -266,7 +266,11 @@ public String getKeyBoxIdentifier() { if (Boolean.parseBoolean( spConfiguration.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + spConfiguration.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Restrict SAML1 response ... "); returnValue.setProvideBaseId(false); returnValue.setProvideAuthBlock(false); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 62a19b399..8de41eee7 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -183,6 +183,11 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, Boolean.FALSE.toString()); + if (oa.getIseIDProxyModeActive() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, oa.getIseIDProxyModeActive().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, Boolean.FALSE.toString()); + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); else @@ -884,6 +889,11 @@ public class ConfigurationMigrationUtils { else dbOA.setIseIDDemoModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))) + dbOA.setIseIDProxyModeActive(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE))); + else + dbOA.setIseIDProxyModeActive(false); + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 91d738989..87f6c6416 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -67,6 +67,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; public static final String SERVICE_AUTH_TARGET_ADDITIONAL_BPKS = SERVICE_AUTH_TARGET + ".additionalbPKs"; public static final String SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE = AUTH + ".austrianeIDdemomode"; + public static final String SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE = AUTH + ".austrianeIDproxymode"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 74a79912e..53be4d980 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -126,6 +126,9 @@ public class OnlineApplication @XmlTransient protected Boolean iseIDDemoModeActive = false; + + @XmlTransient + protected Boolean iseIDProxyModeActive = false; public String getForeignbPKTargetList() { @@ -155,6 +158,15 @@ public class OnlineApplication this.iseIDDemoModeActive = iseIDDemoModeActive; } + public Boolean getIseIDProxyModeActive() { + return iseIDProxyModeActive ; + } + + public void setIseIDProxyModeActive(Boolean valueOf) { + this.iseIDProxyModeActive = valueOf; + + } + /** * @return the saml2PostBindingTemplateURL */ @@ -639,5 +651,4 @@ public class OnlineApplication final HashCodeStrategy strategy = JAXBHashCodeStrategy.INSTANCE; return this.hashCode(null, strategy); } - } diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java index 85d9d0f76..094da19c6 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/EIDProxyAuthModuleImpl.java @@ -72,7 +72,7 @@ public class EIDProxyAuthModuleImpl implements AuthModule { if (Boolean.parseBoolean( pendingReq.getServiceProviderConfiguration().getConfigurationValue( - MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, String.valueOf(false)))) { Logger.debug("SP: " + pendingReq.getSPEntityId() + " activates E-ID mode."); return AUTH_PROCESS_NAME; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index af8211dee..73d3d369f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -354,7 +354,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-mode for 'New Austrian eID' is active. Add additonal attributes ... "); if (oaAttributes == null) -- cgit v1.2.3 From 222e9ba48d45fc1e644e40d25998ebf7ba34046f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 19 Feb 2020 14:59:30 +0100 Subject: switch to version 4.1.1 --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- .../modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- .../modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- pom.xml | 10 +++++----- 27 files changed, 31 insertions(+), 31 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index aabda170f..bd0523260 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.0 + 4.1.1 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index dc592c5d9..f78c54341 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.0 + 4.1.1 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index 75f8d1d35..cf3ec6993 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.0 + 4.1.1 MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 29a37f2c4..073957ba9 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.0 + 4.1.1 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index 66a9e02ab..3b427f415 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.0 + 4.1.1 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index d9e399552..54198dd89 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index c957f6cd8..74d8f9f91 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 02069517c..f254e3724 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index dfcad9bc7..ff59807fa 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index dcd4b3d75..7c29408ef 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index 1fb1998b3..cf06a4d23 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index 994bab58f..b8138e20c 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 6596312f3..34fa1758d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index 2ba496dd7..f471dd11f 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index d21654fd1..02a0c251e 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 12c5e1319..72821e479 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 4562f3239..cc01f2809 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index bdc83f686..dd31011d1 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index f74177cd4..d0bbbc1e2 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index d41e221af..b38c7416e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 68e984ef5..65334cfdf 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index 044eb5732..f5d19f22f 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 9c27134d0..5db642732 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index 1be1574a5..f4e567fb5 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.0 + 4.1.1 moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 72f568a8a..d7ed57251 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.0 + 4.1.1 MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index efda789b3..1a10e189f 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.0 + 4.1.1 4.0.0 diff --git a/pom.xml b/pom.xml index a475e4851..ee37c9da2 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ MOA MOA pom - 4.1.0 + 4.1.1 MOA @@ -14,14 +14,14 @@ UTF-8 - 4.1.0 + 4.1.1 - 4.1.0 - 4.1.0 + 4.1.1 + 4.1.1 2.0.1 - 3.0.1 + 3.0.2 2.0.6 1.3.2 -- cgit v1.2.3 From bc13b94896adb39f8e9a4a7c5d838630fca1f73b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 6 Apr 2020 10:00:54 +0200 Subject: add mandate-profile attribute builder for SEMPER project --- .../EidSpMandateProfilesAttributeBuilder.java | 4 +-- .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 2 +- .../SemperMandateProfilesAttributeBuilderTest.java | 30 ++++++++++++++++++++++ 3 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/SemperMandateProfilesAttributeBuilderTest.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java index c6eb74dd6..31563b267 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EidSpMandateProfilesAttributeBuilder.java @@ -5,15 +5,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -public class EidSpMandateProfilesAttributeBuilder implements IAttributeBuilder { +public class EidSpMandateProfilesAttributeBuilder implements IPVPAttributeBuilder { private static final Logger log = LoggerFactory.getLogger(EidSpMandateProfilesAttributeBuilder.class); @Override diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 408066bf2..0f7817991 100644 --- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -23,4 +23,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder -at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilders +at.gv.egovernment.moa.id.protocols.builder.attributes.EidSpMandateProfilesAttributeBuilder diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/SemperMandateProfilesAttributeBuilderTest.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/SemperMandateProfilesAttributeBuilderTest.java new file mode 100644 index 000000000..c359c2da3 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/test/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/semper/SemperMandateProfilesAttributeBuilderTest.java @@ -0,0 +1,30 @@ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.semper; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.xml.ConfigurationException; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPVPAttributeDefinitions; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; + +@RunWith(BlockJUnit4ClassRunner.class) +public class SemperMandateProfilesAttributeBuilderTest { + + @BeforeClass + public static void classInitializer() throws ConfigurationException { + EAAFDefaultSAML2Bootstrap.bootstrap(); + + } + + @Test + public void buildEmptyAttribute() { + final Attribute attrMandateProfiles = PVPAttributeBuilder.buildEmptyAttribute( + ExtendedPVPAttributeDefinitions.SP_USESMANDATES_NAME); + Assert.assertNotNull("Attr.", attrMandateProfiles); + } +} -- cgit v1.2.3 From e82fd34793ae92e755f6b203fbcad53ee3d9581e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 6 Apr 2020 10:03:25 +0200 Subject: switch to next snapshot version --- id/ConfigWebTool/pom.xml | 2 +- id/moa-id-webgui/pom.xml | 2 +- id/moa-spss-container/pom.xml | 2 +- id/oa/pom.xml | 2 +- id/pom.xml | 2 +- id/server/auth-edu/pom.xml | 2 +- id/server/auth-final/pom.xml | 2 +- id/server/idserverlib/pom.xml | 2 +- id/server/moa-id-commons/pom.xml | 2 +- id/server/moa-id-frontend-resources/pom.xml | 2 +- id/server/moa-id-jaxb_classes/pom.xml | 2 +- id/server/moa-id-spring-initializer/pom.xml | 2 +- id/server/modules/moa-id-modul-citizencard_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml | 2 +- id/server/modules/moa-id-module-E-ID_connector/pom.xml | 2 +- id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml | 2 +- id/server/modules/moa-id-module-eIDAS/pom.xml | 2 +- id/server/modules/moa-id-module-elga_mandate_service/pom.xml | 2 +- id/server/modules/moa-id-module-openID/pom.xml | 2 +- id/server/modules/moa-id-module-sl20_authentication/pom.xml | 2 +- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 2 +- id/server/modules/moa-id-modules-federated_authentication/pom.xml | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 2 +- id/server/modules/module-monitoring/pom.xml | 2 +- id/server/modules/pom.xml | 2 +- id/server/pom.xml | 2 +- pom.xml | 2 +- 27 files changed, 27 insertions(+), 27 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index bd0523260..87e15eb68 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml index f78c54341..14e2d4f4b 100644 --- a/id/moa-id-webgui/pom.xml +++ b/id/moa-id-webgui/pom.xml @@ -3,7 +3,7 @@ MOA id - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index cf3ec6993..3faa9421b 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -6,7 +6,7 @@ MOA id - 4.1.1 + 4.1.2-SNAPSHOT MOA.id moa-spss-container diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 073957ba9..d3f9338a1 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/id/pom.xml b/id/pom.xml index 3b427f415..fc883fecc 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,7 +3,7 @@ MOA MOA - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 54198dd89..5f971214a 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index 74d8f9f91..34e6f3ad4 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -2,7 +2,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index f254e3724..87b9f0952 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index ff59807fa..1ba37d770 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -4,7 +4,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT moa-id-commons moa-id-commons diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index 7c29408ef..1efdd0195 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT MOA.id.server diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml index cf06a4d23..2d949d85a 100644 --- a/id/server/moa-id-jaxb_classes/pom.xml +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT MOA.id.server moa-id-jaxb_classes diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml index b8138e20c..331631051 100644 --- a/id/server/moa-id-spring-initializer/pom.xml +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -3,7 +3,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT MOA.id.server diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 34fa1758d..230a23d79 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml index f471dd11f..78a498223 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-AT_eIDAS_connector moa-id-module-AT_eIDAS_connector diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml index 02a0c251e..70beb74e4 100644 --- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml +++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-EID_connector moa-id-module-E-ID_connector diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml index 72821e479..b28523e1f 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-bkaMobilaAuthSAML2Test BKA MobileAuth Test for SAML2 applications diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index cc01f2809..2ff410400 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-eIDAS MOA-ID eIDAS Module diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml index dd31011d1..79fb7c609 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-elga_mandate_service ${moa-id-module-elga_mandate_client} diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index d0bbbc1e2..ec4cfdcce 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-openID diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index b38c7416e..280d350fe 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-sl20_authentication moa-id-module-sl20_authentication diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 65334cfdf..e0f7ee447 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-ssoTransfer MOA-ID_SSO_Transfer_modul diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml index f5d19f22f..6e166e699 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml +++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-modules-federated_authentication PVP2 ServiceProvider implementation for federated authentication diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 5db642732..26e164b83 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -3,7 +3,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-saml1 diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml index f4e567fb5..2bb966583 100644 --- a/id/server/modules/module-monitoring/pom.xml +++ b/id/server/modules/module-monitoring/pom.xml @@ -5,7 +5,7 @@ MOA.id.server.modules moa-id-modules - 4.1.1 + 4.1.2-SNAPSHOT moa-id-module-monitoring diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index d7ed57251..d53540bee 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -5,7 +5,7 @@ MOA.id moa-id - 4.1.1 + 4.1.2-SNAPSHOT MOA.id.server.modules diff --git a/id/server/pom.xml b/id/server/pom.xml index 1a10e189f..8c323fd2f 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ MOA id - 4.1.1 + 4.1.2-SNAPSHOT 4.0.0 diff --git a/pom.xml b/pom.xml index ee37c9da2..6231a0cdf 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ MOA MOA pom - 4.1.1 + 4.1.2-SNAPSHOT MOA -- cgit v1.2.3