From 7ae642ec1857d0c796ba21ffcd6b5466285c92af Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 18 Apr 2014 12:48:33 +0200 Subject: create methodes to parse interfederated assertions into authData --- .../id/auth/builder/AuthenticationDataBuilder.java | 49 +++++++++++++++++++--- .../id/storage/AuthenticationSessionStoreage.java | 20 +++++++++ 2 files changed, 63 insertions(+), 6 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 00528f7a1..1e0089a53 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -38,6 +38,8 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -72,12 +74,6 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaID); - - - /* TODO: Support Mandate MODE! - * Insert functionality to translate mandates in case of SSO - */ - AuthenticationData authdata = null; if (protocolRequest instanceof SAML1RequestImpl) { @@ -95,6 +91,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { if (protocolRequest.getInterfederationResponse() != null) { //get attributes from interfederated IDP + buildAuthDataFromInterfederationResponse(authdata, session, oaParam, protocolRequest); } else { @@ -106,6 +103,40 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { return authdata; } + /** + * @param authdata + * @param session + * @param oaParam + */ + private static void buildAuthDataFromInterfederationResponse( + AuthenticationData authdata, AuthenticationSession session, + OAAuthParameter oaParam, IRequest req) { + + try { + AssertionAttributeExtractor extract = + new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse()); + + if (oaParam.isInderfederationIDP()) { + //only set minimal response attributes + authdata.setQAALevel(extract.getQAALevel()); + authdata.setBPK(extract.getNameID()); + + } else { + //IDP response to service provider + // --> collect attributes by using BackChannel communication + + //TODO: get protocol specific requested attributes + + + + } + + } catch (AssertionAttributeExtractorExeption e) { + Logger.error("Build authData from interfederated PVP2.1 assertion FAILED.", e); + + } + } + private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { @@ -147,6 +178,12 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); + + /* TODO: Support SSO Mandate MODE! + * Insert functionality to translate mandates in case of SSO + */ + + MISMandate mandate = session.getMISMandate(); authData.setMISMandate(mandate); authData.setUseMandate(session.getUseMandate()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 69167c75d..e18d9786d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -154,6 +154,26 @@ public class AuthenticationSessionStoreage { return id; } + public static void setInterfederationAttributCollectorUsed(AuthenticationSession session, String idpID) throws MOADatabaseException { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + List idpList = dbsession.getInderfederation(); + for (InterfederationSessionStore idp : idpList) { + if (idp.getIdpurlprefix().endsWith(idpID)) + idp.setAttributesRequested(true); + } + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.info("MOASession with sessionID=" + session.getSessionID() + + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not stored.",e); + throw e; + } + } + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { -- cgit v1.2.3