From 206f283585a28009bb8276f78e7ea1d95298fd8c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 8 Jul 2013 09:29:16 +0200 Subject: =?UTF-8?q?AuthData=20Generierung=20von=20VerifyAuthBlock=20nach?= =?UTF-8?q?=20GenerateSAMLArtifact=20verschoben.=20Die=20daraus=20erforder?= =?UTF-8?q?lichen=20PVP2=20=C3=84nderungen=20sind=20zu=20pr=C3=BCfen!!!!?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../moa/id/auth/AuthenticationServer.java | 18 ++- .../AuthenticationBlockAssertionBuilder.java | 4 +- .../moa/id/auth/builder/BPKBuilder.java | 12 ++ .../StartAuthentificationParameterParser.java | 7 +- .../CreateXMLSignatureResponseValidator.java | 4 +- .../moa/id/entrypoints/DispatcherServlet.java | 1 + .../at/gv/egovernment/moa/id/moduls/IRequest.java | 2 + .../pvp2x/builder/CitizenTokenBuilder.java | 13 +- .../pvp2x/requestHandler/AuthnRequestHandler.java | 10 +- .../moa/id/protocols/saml1/GetArtifactAction.java | 50 ++++-- .../moa/id/protocols/saml1/GetArtifactServlet.java | 173 +++++++++++---------- .../protocols/saml1/SAML1AuthenticationServer.java | 29 +--- .../moa/id/protocols/saml1/SAML1Protocol.java | 18 ++- 13 files changed, 194 insertions(+), 147 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 14bb53eb7..1d71fd228 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -115,6 +115,7 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -2406,17 +2407,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * while building the <saml:Assertion> */ public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) + AuthenticationSession session, OAAuthParameter oaParam, String target) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + boolean useUTC = oaParam.getUseUTC(); + boolean isForeigner = session.isForeigner(); boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); @@ -2473,7 +2477,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // only compute bPK if online application is a public service and we have the Stammzahl if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { String bpkBase64 = new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), session.getTarget()); + identityLink.getIdentificationValue(), target); authData.setBPK(bpkBase64); } } @@ -2482,7 +2486,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { //since we have foreigner, wbPK is not calculated in BKU if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); authData.setWBPK(wbpkBase64); } @@ -2490,7 +2494,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); authData.setBPK(bpkBase64); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 897933ea0..fb45e517d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -265,8 +265,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //TODO: load special text from OAconfig - String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; - //String text = ""; + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index fa9789530..de86a4f05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -89,6 +91,16 @@ public class BPKBuilder { new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; try { MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 2e07a39a7..63ad62662 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -105,8 +105,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // no target attribut is given in OA config // target is used from request // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } else { // use target from config target = targetConfig; @@ -223,7 +224,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ target = request.getTarget(); parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); - + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 93bc0d214..e77dd30d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -243,8 +243,8 @@ public class CreateXMLSignatureResponseValidator { String samlSpecialText = (String)samlAttribute.getValue(); //TODO:load Text from OA config - String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; - //String text = ""; + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); if (!samlSpecialText.equals(specialText)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 5342cd0d3..abfb4a1c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -256,6 +256,7 @@ public class DispatcherServlet extends AuthServlet { RequestStorage.removePendingRequest(httpSession); + authmanager.logout(req, resp); } catch (Throwable e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 91b88acb9..f63b0049f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -10,4 +10,6 @@ public interface IRequest { public void setModule(String module); public void setAction(String action); public String getTarget(); + + //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java index 18f981243..a2f46694f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java @@ -110,16 +110,13 @@ public class CitizenTokenBuilder { //TL: AuthData generation is moved out from VerifyAuthBlockServlet try { + //TODO: LOAD oaParam from request and not from MOASession in case of SSO OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); + .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); - AuthenticationData authData; - - authData = AuthenticationServer.buildAuthenticationData(authSession, - authSession.getXMLVerifySignatureResponse(), - useUTC, - authSession.isForeigner()); + AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, + oaParam, + authSession.getTarget()); Attribute pvpVersion = buildPVPVersion("2.1"); Attribute secClass = buildSecClass(3); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 6b35d7640..86e941db7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -102,14 +102,14 @@ public class AuthnRequestHandler implements IRequestHandler { //TL: AuthData generation is moved to Assertion generation. + + //TODO: LOAD oaParam from request and not from MOASession in case of SSO OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, - authSession.getXMLVerifySignatureResponse(), - useUTC, - authSession.isForeigner()); + AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, + oaParam, + authSession.getTarget()); //TL: getIdentificationValue holds the baseID --> change to pBK //subjectNameID.setValue(authData.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index de87ebc50..3634c9983 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -13,6 +13,9 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -29,27 +32,48 @@ public class GetArtifactAction implements IAction { AuthenticationManager authmanager = AuthenticationManager.getInstance(); AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); - String oaURL = (String) httpReq.getAttribute(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String oaURL = (String) httpReq.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); + String oaURL = (String) req.getOAURL(); + String target = (String) req.getTarget(); + try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) + + + if (oaURL == null) { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - - if (oaURL == null) { - oaURL = session.getOAURLRequested(); } - - if (oaURL == null) { + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - } - + + + // if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } + + + // TODO: Support Mandate MODE! + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + // builds authentication data and stores it together with a SAML + // artifact + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, + oaParam, + target); + String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session); + .BuildSAMLArtifact(session, oaParam, authData); String redirectURL = oaURL; session.getOAURLRequested(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java index 7f7d82a20..3a2f4ee9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import iaik.util.logging.Log; + import java.io.IOException; import javax.servlet.ServletException; @@ -37,90 +39,95 @@ public class GetArtifactServlet extends AuthServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - HttpSession httpSession = req.getSession(); - - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); - - String oaURL = (String) req.getAttribute(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - - String target = (String) req.getAttribute(PARAM_TARGET); - target = StringEscapeUtils.escapeHtml(target); - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - if (oaURL == null) { - oaURL = session.getOAURLRequested(); - } - - if (oaURL == null) { - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - } - - String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session); - - String redirectURL = oaURL; - session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, - URLEncoder.encode(session.getTarget(), "UTF-8")); - - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, - URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - // CONFIRMATION FOR SSO! - /* - * OAAuthParameter oaParam = - * AuthConfigurationProvider.getInstance(). - * getOnlineApplicationParameter(oaURL); - * - * String friendlyName = oaParam.getFriendlyName(); if(friendlyName - * == null) { friendlyName = oaURL; } - * - * - * LoginConfirmationBuilder builder = new - * LoginConfirmationBuilder(); - * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); - * String form = builder.finish(oaURL, session.getIdentityLink() - * .getName(), friendlyName); - */ - - /* - resp.setContentType("text/html"); - - OutputStream out = resp.getOutputStream(); - out.write(form.getBytes("UTF-8")); - out.flush(); - out.close();*/ - - } catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (BuildException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (AuthenticationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } + Log.err("Sollte nicht mehr verwendet werden!!!!"); + throw new ServletException("The Servlet Class + " + GetArtifactServlet.class + + " is out of date!!!"); + +// HttpSession httpSession = req.getSession(); +// +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); +// +// String oaURL = (String) req.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// +// String target = (String) req.getAttribute(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// +// if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } +// +// if (oaURL == null) { +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// } +// +// String samlArtifactBase64 = SAML1AuthenticationServer +// .BuildSAMLArtifact(session); +// +// String redirectURL = oaURL; +// session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); +// +// } +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, +// URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// // CONFIRMATION FOR SSO! +// /* +// * OAAuthParameter oaParam = +// * AuthConfigurationProvider.getInstance(). +// * getOnlineApplicationParameter(oaURL); +// * +// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName +// * == null) { friendlyName = oaURL; } +// * +// * +// * LoginConfirmationBuilder builder = new +// * LoginConfirmationBuilder(); +// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); +// * String form = builder.finish(oaURL, session.getIdentityLink() +// * .getName(), friendlyName); +// */ +// +// /* +// resp.setContentType("text/html"); +// +// OutputStream out = resp.getOutputStream(); +// out.write(form.getBytes("UTF-8")); +// out.flush(); +// out.close();*/ +// +// } catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (BuildException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (AuthenticationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 36fd75d8b..e79954daa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -96,27 +96,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return authData; } - public static String BuildSAMLArtifact(AuthenticationSession session) throws ConfigurationException, BuildException, AuthenticationException { - - // TODO: Support Mandate MODE! - - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); - - // builds authentication data and stores it together with a SAML - // artifact - - //TODO: check, if this is correct!!!! - //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), - // useUTC, false); - - AuthenticationData authData = buildAuthenticationData(session, - session.getXMLVerifySignatureResponse(), - useUTC, - session.isForeigner()); + public static String BuildSAMLArtifact(AuthenticationSession session, + OAAuthParameter oaParam, + AuthenticationData authData) + throws ConfigurationException, BuildException, AuthenticationException { //TODO: check, if this is correct!!!! // String samlAssertion = new AuthenticationDataAssertionBuilder().build( @@ -127,6 +110,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // session.getAssertionBusinessService(), // session.getExtendedSAMLAttributesOA(), useCondition, // conditionLength); + + + boolean useCondition = oaParam.getUseCondition(); + int conditionLength = oaParam.getConditionLength(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index b5e957c5a..09314ba37 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -9,9 +9,12 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -67,6 +70,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { RequestImpl config = new RequestImpl(); String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); + String target = (String) request.getParameter(PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); @@ -76,15 +80,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { target = null; } - if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); config.setOAURL(oaURL); - config.setTarget(target); + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + config.setTarget(oaParam.getTarget()); request.getSession().setAttribute(PARAM_OA, oaURL); - request.getSession().setAttribute(PARAM_TARGET, target); + request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); return config; } -- cgit v1.2.3