From b871ae183d5a045fc4f8bf5b89a484aad4b2b39c Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Thu, 4 Apr 2013 17:00:58 +0200 Subject: Authentication data saved in Authentication Session --- .../moa/id/auth/AuthenticationServer.java | 56 ++++++++++++++++++---- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../moa/id/auth/builder/LoginFormBuilder.java | 13 ++++- .../moa/id/auth/data/AuthenticationSession.java | 39 +++++++++++++++ .../auth/servlet/StartAuthenticationServlet.java | 8 +++- .../servlet/VerifyAuthenticationBlockServlet.java | 7 ++- .../moa/id/entrypoints/AuthDispatcherServlet.java | 4 +- .../moa/id/entrypoints/DispatcherServlet.java | 4 +- .../moa/id/moduls/AuthenticationManager.java | 6 ++- .../moa/id/moduls/AuthenticationSessionStore.java | 7 +-- .../gv/egovernment/moa/id/moduls/ModulUtils.java | 22 +++++++++ .../protocols/saml1/SAML1AuthenticationServer.java | 2 + .../moa/id/protocols/saml1/SAML1Protocol.java | 2 +- .../resources/resources/templates/loginForm.html | 4 ++ 14 files changed, 153 insertions(+), 23 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d783c74d9..afe0bd1d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -117,6 +117,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -385,7 +386,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String startAuthentication(String authURL, String target, String targetFriendlyName, String oaURL, String templateURL, String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID) throws WrongParametersException, + String sourceID, String modul, String action) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { String useMandateString = null; @@ -455,6 +456,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthURL(authURL); session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); + session.setModul(modul); + session.setAction(action); if (sourceID != null) session.setSourceID(sourceID); } @@ -1941,6 +1944,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { return null; } else { + session.setAuthData(authData); + + String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + return newMOASessionID; + /* String samlAssertion = new AuthenticationDataAssertionBuilder() .build(authData, session.getAssertionPrPerson(), session .getAssertionAuthBlock(), session @@ -1973,7 +1984,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; - + */ } } @@ -2132,6 +2143,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } + session.setAuthData(authData); + session.setMandateData(mandateData); + + String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + return newMOASessionID; + + /* String samlAssertion = new AuthenticationDataAssertionBuilder() .buildMandate(authData, session.getAssertionPrPerson(), mandateData, session.getAssertionAuthBlock(), session @@ -2164,7 +2184,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { sessionStore.remove(sessionID); Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + return samlArtifact;*/ } @@ -2287,7 +2307,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { int conditionLength = oaParam.getConditionLength(); AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC, true); - + + session.setAuthData(authData); + + String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + return newMOASessionID; + //TODO: regenerate MOASession ID! + /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( authData, session.getAssertionPrPerson(), session .getAssertionAuthBlock(), session @@ -2319,7 +2347,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + return samlArtifact;*/ } /** @@ -2550,6 +2578,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private static AuthenticationSession newSession() throws AuthenticationException { + + return AuthenticationSessionStore.createSession(); + + /* String sessionID = Random.nextRandom(); AuthenticationSession newSession = new AuthenticationSession(sessionID); synchronized (sessionStore) { @@ -2560,7 +2592,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { sessionID }); sessionStore.put(sessionID, newSession); } - return newSession; + return newSession;*/ } /** @@ -2573,8 +2605,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(id); + + AuthenticationSession session = AuthenticationSessionStore.getSession(id); + /*(AuthenticationSession) sessionStore + .get(id);*/ if (session == null) throw new AuthenticationException("auth.02", new Object[] { id }); return session; @@ -2781,7 +2815,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { String target, String targetFriendlyName, String authURL, - String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + String sourceID, + String modul, + String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { //read configuration paramters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); @@ -2805,6 +2841,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { moaSession.setAuthURL(authURL); moaSession.setBusinessService(oaParam.getBusinessService()); moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + moaSession.setAction(action); + moaSession.setModul(modul); if (sourceID != null) moaSession.setSourceID(sourceID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 7d5835f20..01c875533 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -43,6 +43,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ public static final String PARAM_BKU = "bkuURI"; + public static final String PARAM_MODUL = "MODUL"; + public static final String PARAM_ACTION = "ACTION"; /** servlet parameter "sourceID" */ public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 6816c854e..5191a2f81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -5,6 +5,7 @@ import java.io.StringWriter; import org.apache.commons.io.IOUtils; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { @@ -12,6 +13,8 @@ public class LoginFormBuilder { private static String AUTH_URL = "#AUTH_URL#"; private static String OA_URL = "#OA_URL#"; private static String RED_URL = "#RED_URL#"; + private static String MODUL = "#MODUL#"; + private static String ACTION = "#ACTION#"; private static String template; @@ -35,11 +38,19 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String oaURL) { + public static String buildLoginForm(String oaURL, String modul, String action) { String value = getTemplate(); if(value != null) { value = value.replace(OA_URL, oaURL); + if(modul == null) { + modul = SAML1Protocol.PATH; + } + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + value = value.replace(MODUL, modul); + value = value.replace(ACTION, action); } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 41a7547a0..6a69a8002 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -212,6 +212,45 @@ public class AuthenticationSession { */ private STORKAuthnRequest storkAuthnRequest; + private AuthenticationData authData; + + private String mandateData; + + private String modul; + public String getModul() { + return modul; + } + + public void setModul(String modul) { + this.modul = modul; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + + private String action; + + public String getMandateData() { + return mandateData; + } + + public void setMandateData(String mandateData) { + this.mandateData = mandateData; + } + + public AuthenticationData getAuthData() { + return authData; + } + + public void setAuthData(AuthenticationData authData) { + this.authData = authData; + } + private CreateXMLSignatureResponse XMLCreateSignatureResponse; private VerifyXMLSignatureResponse XMLVerifySignatureResponse; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 012ed4c14..5ff5b6f63 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -104,6 +104,8 @@ public class StartAuthenticationServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); String useMandate = req.getParameter(PARAM_USEMANDATE); String ccc = req.getParameter(PARAM_CCC); + String modul = req.getParameter(PARAM_MODUL); + String action = req.getParameter(PARAM_ACTION); // escape parameter strings target = StringEscapeUtils.escapeHtml(target); @@ -114,6 +116,8 @@ public class StartAuthenticationServlet extends AuthServlet { sessionID = StringEscapeUtils.escapeHtml(sessionID); useMandate = StringEscapeUtils.escapeHtml(useMandate); ccc = StringEscapeUtils.escapeHtml(ccc); + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); setNoCachingHeadersInHttpRespone(req, resp); @@ -169,13 +173,13 @@ public class StartAuthenticationServlet extends AuthServlet { Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); Logger.debug("Starting STORK authentication"); - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID); + AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action); } else { //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index fbf700365..f62428ea5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -220,13 +221,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { else { if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); + /*redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java index e78d9345c..ae0717a6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java @@ -133,7 +133,7 @@ public class AuthDispatcherServlet extends HttpServlet { protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { try { - Object pathObject = req.getAttribute(PARAM_TARGET_PATH); + Object pathObject = req.getParameter(PARAM_TARGET_PATH); String path = null; HttpSession session = req.getSession(); @@ -146,7 +146,7 @@ public class AuthDispatcherServlet extends HttpServlet { path = (String) session.getAttribute(PARAM_TARGET_PATH); } - Object protocolObject = req.getAttribute(PARAM_TARGET_PROTOCOL); + Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL); String protocol = null; if (protocolObject != null && (protocolObject instanceof String)) { protocol = (String) protocolObject; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index ccc0f1ccc..48f44f97b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -129,7 +129,7 @@ public class DispatcherServlet extends HttpServlet { protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Object pathObject = req.getAttribute(PARAM_TARGET_PATH); + Object pathObject = req.getParameter(PARAM_TARGET_PATH); String path = null; if (pathObject != null && (pathObject instanceof String)) { path = (String) pathObject; @@ -139,7 +139,7 @@ public class DispatcherServlet extends HttpServlet { path = (String) req.getAttribute(PARAM_TARGET_PATH); } - Object protocolObject = req.getAttribute(PARAM_TARGET_PROTOCOL); + Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL); String protocol = null; if (protocolObject != null && (protocolObject instanceof String)) { protocol = (String) protocolObject; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index e631523a2..eeb16fcf9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -11,6 +11,7 @@ import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.logging.Logger; @@ -60,7 +61,10 @@ public class AuthenticationManager implements MOAIDAuthConstants { throws ServletException, IOException { HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); - String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL()); + String modul = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); + String protocol = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); + + String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), modul, protocol); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java index c0bf29844..3096341e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java @@ -4,6 +4,7 @@ import java.util.HashMap; import java.util.Iterator; import java.util.Set; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.util.Random; @@ -44,13 +45,13 @@ public class AuthenticationSessionStore { } public static String changeSessionID(AuthenticationSession session) - throws MOAIDException { + throws AuthenticationException { synchronized (sessionStore) { if (sessionStore.containsKey(session.getSessionID())) { AuthenticationSession theSession = sessionStore.get(session .getSessionID()); if (theSession != session) { - throw new MOAIDException("TODO!", null); + throw new AuthenticationException("TODO!", null); } sessionStore.remove(session.getSessionID()); @@ -60,7 +61,7 @@ public class AuthenticationSessionStore { return id; } } - throw new MOAIDException("TODO!", null); + throw new AuthenticationException("TODO!", null); } public static AuthenticationSession getSession(String sessionID) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java new file mode 100644 index 000000000..918201dd4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; + + +public class ModulUtils { + + public static final String UNAUTHDISPATCHER = "UnauthDispatcher"; + public static final String AUTHDISPATCHER = "AuthDispatcher"; + + public static String buildUnauthURL(String modul, String action) { + return UNAUTHDISPATCHER + "?" + + DispatcherServlet.PARAM_TARGET_PATH + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_PROTOCOL + "=" + action; + } + + public static String buildAuthURL(String modul, String action) { + return AUTHDISPATCHER + + "?" + DispatcherServlet.PARAM_TARGET_PATH + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_PROTOCOL + "=" + action; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 56d02b557..7e4313087 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -212,6 +212,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { public static String BuildSAMLArtifact(AuthenticationSession session) throws ConfigurationException, BuildException, AuthenticationException { + // TODO: Support Mandate MODE! + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); boolean useUTC = oaParam.getUseUTC(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 601425a9c..fd6c2dadb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -59,7 +59,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public ITargetConfiguration preProcess(HttpServletRequest request, HttpServletResponse response) throws MOAIDException { TargetConfigurationImpl config = new TargetConfigurationImpl(); - String oaURL = (String) request.getAttribute(PARAM_OA); + String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html index 90deb3b04..576683dc7 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html @@ -8,6 +8,8 @@
+ +
+ +