From bc6ebce79bdd07a0a1bbe9a956e7d49512ff9e57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jun 2018 10:30:18 +0200 Subject: read noAuth header value from configuration --- .../moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test') diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 853d1b6a4..0b7b674a4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -51,6 +51,7 @@ public class BKAMobileAuthModule implements AuthModule { @Autowired(required=true) private AuthenticationManager authManager; private List uniqueIDsDummyAuthEnabled = new ArrayList(); + private String noAuthHeaderValue = null; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() @@ -71,6 +72,9 @@ public class BKAMobileAuthModule implements AuthModule { @PostConstruct public void initialDummyAuthWhiteList() { String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); + if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); @@ -105,7 +109,7 @@ public class BKAMobileAuthModule implements AuthModule { return "BKAMobileAuthentication"; } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) - && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) { + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) { Logger.info("Find dummy-auth request for oe.gv.at demos ... "); return "BKAMobileAuthentication"; -- cgit v1.2.3