From 7d8b6f80bb6faf33c4a19aac2d23784a8dbbddc2 Mon Sep 17 00:00:00 2001
From: Florian Reimair
Date: Tue, 5 May 2015 13:01:43 +0200
Subject: refactored some code regarding multi-part SAML responses
---
 .../stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java | 2 +-
 .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'id/server/modules/module-stork/src/main/java/at/gv')
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 08da21460..aff69aa9c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -342,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 // FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
 try {
- SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+ SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions()
 .get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
 .getAuthnContextClassRef(), citizenSignature);
 } catch (STORKException e) {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 81c7c3a7b..6eabc0538 100644
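Review bot: The authentication context class passed to `SZRGInsertion` is still read from `getAssertions().get(0).getAuthnStatements().get(0)` only, while `attributeList` (declared outside this hunk) appears, going by the commit subject, to cover multi-part responses. For a response with several assertions that would pair attributes from later assertions with the context class of the first one; if that is intended, a comment such as `// authn context is taken from the first assertion; later assertions only contribute attributes` would make it explicit. The `.get(0)` chain is also unguarded and the visible `catch` covers only `STORKException`, so an empty assertion or statement list would surface as an unchecked exception. The enclosing try block and method extend beyond the hunk.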
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -506,7 +506,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 Logger.debug("Starting connecting SZR Gateway");
 identityLink = STORKResponseProcessor.connectToSZRGateway(
- authnResponse.getPersonalAttributeList(),
+ attributeList,
 oaParam.getFriendlyName(),
 targetType,
 null,
@@ -560,7 +560,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 moaSession.setIdentityLink(identityLink);
 Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+ moaSession.setStorkAttributes(attributeList);
 Logger.debug("Add full STORK AuthnResponse to MOA session");
 moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
-- cgit v1.2.3
From b92da70a3071e1dbf910ee38ff4efbe61ecc8be6 Mon Sep 17 00:00:00 2001
From: Florian Reimair
Date: Tue, 30 Jun 2015 13:55:17 +0200
Subject: handle multiple assertions with equal attributes
---
 .../modules/stork/tasks/PepsConnectorTask.java | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
(limited to 'id/server/modules/module-stork/src/main/java/at/gv')
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 6eabc0538..b89571fde 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -298,14 +298,20 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
- // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
- // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
- IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
-
- // if the list is empty, there was just one assertion... probably
- if(attributeList.isEmpty())
- attributeList = authnResponse.getPersonalAttributeList();
+ // fetch attribute list from response
+ IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ if(authnResponse.getAssertions().size() > 1) {
+ for(IPersonalAttributeList currentList : authnResponse.getPersonalAttributeLists()) {
+ for(PersonalAttribute currentAttribute : currentList.values()) {
+ if(!attributeList.containsKey(currentAttribute.getName()))
+ attributeList.add((PersonalAttribute) currentAttribute.clone());
+ else {
+ if(!attributeList.get(currentAttribute.getName()).getValue().equals(currentAttribute.getValue()))
+ throw new TaskExecutionException("data integrity failure", new Exception("data integrity failure: found non-matching values in multiple attributes of type " + currentAttribute.getName()));
+ }
+ }
+ }
+ }
 // //////////// incorporate gender from parameters if not in stork response
-- cgit v1.2.3
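Review bot: The merge loop rejects a response only when two assertions carry the same attribute name with different `getValue()` results; an attribute that appears in just one of the additional assertions is added to `attributeList` with no check visible in this hunk that its assertion has the same subject and issuer as the first one. If that binding is not already enforced during response validation, it should be verified before `attributeList.add(...)`, because the merged list is what the earlier commit passes to `connectToSZRGateway` and `setStorkAttributes`. The comparison also dereferences `getValue()` without a null guard, so a null-safe form such as `if (!Objects.equals(attributeList.get(currentAttribute.getName()).getValue(), currentAttribute.getValue()))` would fail closed on a malformed attribute with the intended integrity error rather than a NullPointerException. Note too that `attributeList` is the object returned by `getPersonalAttributeList()`, so unless that getter returns a copy the loop modifies the response's own list in place; the enclosing method starts and ends outside the hunk.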