From b92da70a3071e1dbf910ee38ff4efbe61ecc8be6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 30 Jun 2015 13:55:17 +0200 Subject: handle multiple assertions with equal attributes --- .../modules/stork/tasks/PepsConnectorTask.java | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'id/server/modules/module-stork/src') diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index 6eabc0538..b89571fde 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -298,14 +298,20 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID); - - // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled - // with ALL attributes when there is more than one assertion in the SAML2 STORK message. - IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList(); - - // if the list is empty, there was just one assertion... probably - if(attributeList.isEmpty()) - attributeList = authnResponse.getPersonalAttributeList(); + // fetch attribute list from response + IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList(); + if(authnResponse.getAssertions().size() > 1) { + for(IPersonalAttributeList currentList : authnResponse.getPersonalAttributeLists()) { + for(PersonalAttribute currentAttribute : currentList.values()) { + if(!attributeList.containsKey(currentAttribute.getName())) + attributeList.add((PersonalAttribute) currentAttribute.clone()); + else { + if(!attributeList.get(currentAttribute.getName()).getValue().equals(currentAttribute.getValue())) + throw new TaskExecutionException("data integrity failure", new Exception("data integrity failure: found non-matching values in multiple attributes of type " + currentAttribute.getName())); + } + } + } + } // //////////// incorporate gender from parameters if not in stork response -- cgit v1.2.3