From cd5cef47db73c85cbb2defdec3b283655fdc859b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 10:46:41 +0200 Subject: update SL20 implementation --- .../bkamobileauthtests/BKAMobileAuthModule.java | 19 +++++++++++++++---- .../tasks/FirstBKAMobileAuthTask.java | 2 +- .../src/main/resources/BKAMobileAuth.process.xml | 14 +++++++------- .../src/main/resources/moaid_bka_mobileauth.beans.xml | 2 +- 4 files changed, 24 insertions(+), 13 deletions(-) (limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main') diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0cef4cb41..853d1b6a4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BKAMobileAuthModule implements AuthModule { - private int priority = 1; + private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; @Autowired(required=true) private AuthenticationManager authManager; @@ -67,7 +67,6 @@ public class BKAMobileAuthModule implements AuthModule { public void setPriority(int priority) { this.priority = priority; } - @PostConstruct public void initialDummyAuthWhiteList() { 
@@ -84,6 +83,8 @@ public class BKAMobileAuthModule implements AuthModule { //parameter to whiteList authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); +// authManager.addHeaderNameToWhiteList("SL2ClientType"); +// authManager.addHeaderNameToWhiteList("X-MOA-VDA"); } /* (non-Javadoc) @@ -92,12 +93,22 @@ public class BKAMobileAuthModule implements AuthModule { @Override public String selectProcess(ExecutionContext context) { String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); - if (MiscUtil.isNotEmpty(spEntityID)) { - if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); + String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); + if (MiscUtil.isNotEmpty(spEntityID)) { + Logger.trace("Check dummy-auth for SP: " + spEntityID); + + + if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) { return "BKAMobileAuthentication"; + } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) { + Logger.info("Find dummy-auth request for oe.gv.at demos ... "); + return "BKAMobileAuthentication"; + } else { Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '" + FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available."); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..15cf298f1 100644 
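Review bot: The new `else if` branch in `selectProcess` returns "BKAMobileAuthentication" on nothing more than the `sl2clienttype` and `x-moa-vda` context entries, which look like values copied from request headers. How they reach the context is not visible here, because the `addHeaderNameToWhiteList` calls in the previous hunk are commented out. If they are client-supplied, any caller can steer an SP on the `uniqueIDsDummyAuthEnabled` list into the dummy-auth process without an eID blob, leaving that list as the only control. I would gate the branch behind an explicit configuration switch that defaults to off and mark it in place, e.g. `// test-only: header-selected dummy auth, must stay disabled in production`. The header names would also read better as already lower-case `private static final String` constants, which avoids the default-locale `.toLowerCase()` calls; the method body continues past the end of the hunk.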
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -112,7 +112,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); - + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml index 6f41f347a..07faeae88 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml @@ -5,17 +5,17 @@ STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures. --> - - + + - - - - + + + + + diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml index ef13b0348..79f29e08c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -10,7 +10,7 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - + -- cgit v1.2.3 From bc6ebce79bdd07a0a1bbe9a956e7d49512ff9e57 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Tue, 26 Jun 2018 10:30:18 +0200 Subject: read noAuth header value from configuration --- .../moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main') diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 853d1b6a4..0b7b674a4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -51,6 +51,7 @@ public class BKAMobileAuthModule implements AuthModule { @Autowired(required=true) private AuthenticationManager authManager; private List uniqueIDsDummyAuthEnabled = new ArrayList(); + private String noAuthHeaderValue = null; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() @@ -71,6 +72,9 @@ public class BKAMobileAuthModule implements AuthModule { @PostConstruct public void initialDummyAuthWhiteList() { String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); + if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); 
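Review bot: In `initialDummyAuthWhiteList` the fallback `"0"` keeps the header-triggered dummy-auth branch active whenever `modules.bkamobileAuth.noAuthHeaderValue` is not configured, so an installation that never set the key still accepts a well-known value. Reading it without a default, `noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue");`, would fail closed, since `sl20VDATypeHeader.equals(noAuthHeaderValue)` in the `@@ -105,7 +109,7 @@` hunk is false for `null`. The `Logger.info` line also writes the accepted value to the log; if the value is meant to restrict who can trigger the branch, log only whether it is set. A short comment on the field stating that it selects the dummy-auth process and is intended for demo setups would help the next reader.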
@@ -105,7 +109,7 @@ public class BKAMobileAuthModule implements AuthModule { return "BKAMobileAuthentication"; } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) - && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) { + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) { Logger.info("Find dummy-auth request for oe.gv.at demos ... "); return "BKAMobileAuthentication"; -- cgit v1.2.3