From e03689468de9aaa0bd2b3234b8e6842988a29684 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 15 Mar 2016 10:43:39 +0100 Subject: change PVP EntityID to metadata-URL (SAML2 'well-known-location' method) --- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer/src/main/java/at') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 5f2642cf8..9683d5cb7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; @@ -320,14 +321,13 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, AuthenticationSession authSession, Date date) { try { - String entityID = authURL; + String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - String random = Random.nextRandom(); - String nameID = subjectNameID.getValue(); + String random = Random.nextLongRandom(); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest((random).getBytes("ISO-8859-1")); -- cgit v1.2.3