From 52a29dc86a57a4a998de94cdf6402f40f4a9fd39 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 12 Jun 2014 07:54:41 +0200
Subject: use SAML2 relaystate as additional MOA session binding feature
---
 .../moa/id/auth/AuthenticationServer.java | 1 +
 .../moa/id/auth/servlet/PEPSConnectorServlet.java | 22 ++++++++++++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)
(limited to 'id/server')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 4709f8c68..e7abf0f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1877,6 +1877,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
 VelocityContext context = new VelocityContext();
 context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
+ context.put("RelayState", moasession.getSessionID());
 context.put("action", destination);
 StringWriter writer = new StringWriter();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 024944c72..25749c8bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
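Review bot: The `"RelayState"` key put into the Velocity context is a second copy of a literal that the receiving servlet has to match exactly (`request.getParameter("RelayState")` in PEPSConnectorServlet), so a shared constant next to `PARAM_SESSIONID`, e.g. `public static final String PARAM_RELAYSTATE = "RelayState";`, would keep sender and receiver from drifting apart. The added line also deserves a comment, since the session ID now leaves MOA-ID through two channels: `// RelayState carries the MOA session ID so the PEPS response can still be bound to this session if the sessionID GET parameter is dropped on the way back`. SAML 2.0 bindings cap RelayState at 80 bytes, so this presumably relies on MOA session IDs staying below that length — worth confirming against the session ID generator. The enclosing method starts and ends outside the hunk.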
@@ -114,18 +114,28 @@ public class PEPSConnectorServlet extends AuthServlet {
 //check if https or only http
 super.checkIfHTTPisAllowed(request.getRequestURL().toString());
- Logger.debug("Trying to find MOA Session-ID");
+ Logger.debug("Trying to find MOA Session-ID ...");
 String moaSessionID = request.getParameter(PARAM_SESSIONID);
 // escape parameter strings
 moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
 if (StringUtils.isEmpty(moaSessionID)) {
- //No authentication session has been started before
- Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
- Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
- throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
- }
+ //check if SAML2 relaystate includes a MOA sessionID
+ moaSessionID = request.getParameter("RelayState");
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
+
+ if (StringUtils.isEmpty(moaSessionID)) {
+ //No authentication session has been started before
+ Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+ Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+ throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+ } else
+ Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+ } else
+ Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
 if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
 throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-- cgit v1.2.3
From 7cc4df3996d4725e4390dc5282a7200260d9dfe2 Mon Sep 17 00:00:00 2001
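Review bot: Both new `Logger.trace(...)` calls write the full MOA session ID into the log, so trace-level logs become a store of live session identifiers; logging only where the ID came from is enough for debugging, e.g. `Logger.trace("MOA SessionID found in SAML2 relayState.");` and `Logger.trace("MOA SessionID found in http GET parameter.");`. The fallback reads RelayState only when `PARAM_SESSIONID` is absent, so a request that carries both with different values is silently resolved in favour of the GET parameter — a mismatch there is more likely tampering than a legitimate flow and is worth at least a warning, if not a rejection. The new `escapeHtml` on the RelayState value (mirroring the existing line above it) runs before `isValidSessionID`, so the validator sees the HTML-escaped form rather than the raw input; validating first and escaping only where the value is rendered is the usual order. The two brace-less `else` branches would read better braced, as the surrounding blocks are. The enclosing method starts and ends outside the hunk.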
From: Thomas Lenz
Date: Thu, 12 Jun 2014 12:27:18 +0200
Subject: =?UTF-8?q?Fix=20Oracle=20DB=20problem:=20=20=20info:=20session=20?= =?UTF-8?q?blob=20not=20null=20-->=20session=20ist=20unter=20Oracle=20nich?= =?UTF-8?q?t=20f=C3=BCr=20Tabellen-/Spaltennamen=20verwendbar?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../moa/id/commons/db/dao/session/AuthenticatedSessionStore.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'id/server')
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 8bad43431..182995786 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -78,8 +78,8 @@ public class AuthenticatedSessionStore implements Serializable{
 @Column(name = "SSOsessionid")
 private String SSOsessionid;
- @Column(name = "session", nullable=false)
- @Lob private byte [] session;
+ @Column(name = "authSession", nullable=false)
+ @Lob private byte [] authSession;
 @Column(name = "iv", nullable=true)
 @Lob private byte [] iv;
@@ -148,11 +148,11 @@ public class AuthenticatedSessionStore implements Serializable{
 }
 public byte[] getSession() {
- return session;
+ return authSession;
 }
 public void setSession(byte[] session) {
- this.session = session;
+ this.authSession = session;
 }
 public boolean isAuthenticated() {
-- cgit v1.2.3
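Review bot: Renaming the mapped column from `session` to `authSession` in the first hunk changes the persisted schema, but nothing in this patch (limited to id/server) migrates existing tables, so deployments that do not let the JPA provider regenerate the schema would presumably stop finding the column after upgrading; a migration step or an upgrade note should accompany the rename unless it is handled elsewhere. The reason for the rename lives only in the commit subject, so a Javadoc on the field would preserve it in the code: `/** Serialized authentication session; the column is named authSession because "session" is a reserved word in Oracle. */`. The accessor hunk keeps `getSession()`/`setSession(...)` unchanged, which preserves the Java API while only the column name moves — that is the right call.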