-

Anmeldung an: #OAName#

+

Anmeldung an: $OAName

-

#HEADER_TEXT#

+

$HEADER_TEXT

-
+
+ onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'$MANDATECHECKED> -
+

Home Country Selection

i @@ -907,16 +87,6 @@

-
diff --git a/id/server/doc/htmlTemplates/sendAssertion.html b/id/server/doc/htmlTemplates/sendAssertion.html index 07d018a94..7ae4b3f92 100644 --- a/id/server/doc/htmlTemplates/sendAssertion.html +++ b/id/server/doc/htmlTemplates/sendAssertion.html @@ -3,556 +3,7 @@ - - + Anmeldung an Online-Applikation @@ -574,25 +25,21 @@
-

Anmeldung an: #OAName#

+

Anmeldung an: $OAName

-
+ - - - - + +
-
+ - - - - + +
@@ -600,18 +47,6 @@
-
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index c1533eeb7..fb6ba1bc6 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -113,6 +113,7 @@ axis + pom -- cgit v1.2.3 From 581d87d939820b9e74130279692f2825baff6594 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Apr 2016 16:23:18 +0200 Subject: add initial version of a virtual IDP REST URL rewrite filter --- .../interceptor/VHostUrlRewriteServletFilter.java | 185 +++++++++++++++++++++ .../at/gv/egovernment/moa/id/util/HTTPUtils.java | 11 ++ .../moa/id/auth/MOAIDAuthSpringInitializer.java | 13 +- 3 files changed, 203 insertions(+), 6 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java new file mode 100644 index 000000000..93d74d7ef --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java @@ -0,0 +1,185 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet.interceptor; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.List; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; + +import org.springframework.context.ApplicationContext; + +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class VHostUrlRewriteServletFilter implements Filter { + + private static final String VHOST_PATH = "/vhost/"; + private static final String AUTHURL = "authURL"; + + + private ApplicationContext context = null; + + public VHostUrlRewriteServletFilter(ApplicationContext context) { + Logger.info("Register vHost Servelt Filter"); + this.context = context; + + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#init(javax.servlet.FilterConfig) + */ + @Override + public void init(FilterConfig filterConfig) throws ServletException { + + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain) + */ + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest httpReq = (HttpServletRequest) request; + try { + AuthConfiguration authConfig = context.getBean(AuthConfiguration.class); + List configuredPublicURLPrefix = authConfig.getPublicURLPrefix(); + + //check if End-Point is valid + String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq); + URL publicURL; + try { + publicURL = new URL(publicURLString); + + } catch (MalformedURLException e) { + Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e); + throw new ConfigurationException("1299", null, e); + + } + + //check if virtual IDPs are enabled + if (!authConfig.isVirtualIDPsEnabled()) { + Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); + httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0)); + chain.doFilter(request, response); + + } else { + String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq); + URL authURL; + try { + authURL = new URL(authURLString); + + } catch (MalformedURLException e) { + Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e); + throw new ConfigurationException("1299", null, e); + + } + + Logger.debug("Extract AuthenticationServiceURL: " + authURLString); + URL resultURL = null; + + for (String el : configuredPublicURLPrefix) { + try { + URL configuredURL = new URL(el); + + //get Ports from URL + int configPort = configuredURL.getPort(); + if (configPort == -1) + configPort = configuredURL.getDefaultPort(); + + int authURLPort = authURL.getPort(); + if (authURLPort == -1) + authURLPort = authURL.getDefaultPort(); + + //check AuthURL against ConfigurationURL + if (configuredURL.getHost().equals(authURL.getHost()) && + configPort == authURLPort && + authURL.getPath().startsWith(configuredURL.getPath())) { + Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + + " for authURL: " + authURLString); + resultURL = configuredURL; + } + + } catch (MalformedURLException e) { + Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el); + + } + } + + if (resultURL == null) { + Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration."); + throw new ConfigurationException("config.25", new Object[]{authURLString}); + + } else { + httpReq.setAttribute(AUTHURL, resultURL.toExternalForm()); + + } + + String servletPath = httpReq.getServletPath(); + if (servletPath.startsWith(VHOST_PATH)) { + Logger.trace("Found V-IDP selection via REST URL ... "); + String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length()); + String requestedServlet = authURLString.substring(0, vHostDescriptor.length()); + String newURL = publicURL.toExternalForm().concat(requestedServlet); + httpReq.setAttribute(AUTHURL, newURL); + httpReq.getRequestDispatcher(newURL).forward(httpReq, response); + + } else { + Logger.trace("Found V-IDP selection via Domain ..."); + chain.doFilter(request, response); + + } + + } + + } catch (ConfigurationException e) { + + + } + + } + + /* (non-Javadoc) + * @see javax.servlet.Filter#destroy() + */ + @Override + public void destroy() { + // TODO Auto-generated method stub + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index d2499af9d..4cb6af127 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -173,6 +173,17 @@ public class HTTPUtils { } + /** + * Extract the IDP requested URL from authrequest + * + * @param req HttpServletRequest + * @return RequestURL which ends always without / + */ + public static String extractAuthServletPathFromRequest(HttpServletRequest req) { + return extractAuthURLFromRequest(req).concat(req.getServletPath()); + + } + public static String addURLParameter(String url, String paramname, String paramvalue) { String param = paramname + "=" + paramvalue; diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java index 636a3ed03..327d659ec 100644 --- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java +++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java @@ -98,9 +98,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer { MOAIDAuthSpringInitializer.class)); } } - - - + Logger.debug("Refreshing context "+ rootContext); rootContext.refresh(); @@ -108,8 +106,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer { Logger.trace("Final Beans in "+ rootContext); dumpBeanDefinitions(rootContext); - - + Logger.info("Registering dispatcher configuration"); ServletRegistration.Dynamic dispatcher = servletContext.addServlet( "dispatcher", new DispatcherServlet(rootContext)); @@ -123,7 +120,11 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer { Logger.info("=============== Register RequestContextListener! ==============="); servletContext.addListener(new RequestContextListener()); - + +// Logger.info("=============== Register RequestFilter! ==============="); +// servletContext.addFilter("vHost RequestFilter", new VHostUrlRewriteServletFilter(rootContext)) +// .addMappingForUrlPatterns(null, false, "/*"); + Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ..."); MOAIDAuthInitializer.initialize(rootContext); Logger.info(MOAIDMessageProvider.getInstance().getMessage( -- cgit v1.2.3 From 5ad752b76eed7c345638ecd67f180919a4f9d3d7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Apr 2016 16:24:05 +0200 Subject: change MOA-ID version commands in default configuration --- id/server/data/deploy/conf/moa-id/moa-id.properties | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'id/server') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index a3a677a0d..784f66602 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -5,24 +5,24 @@ ****** -##General MOA-ID 3.0 Configuration +##General MOA-ID 3.x Configuration ##For Testing configuration.validation.certificate.QC.ignore=false protocols.pvp2.assertion.encryption.active=false protocols.pvp2.schemavalidation=true -##General MOA-ID 2.0 operations -#MOA-ID 2.0 session information encryption key (PassPhrase) +##General MOA-ID 3.x operations +#MOA-ID 3.x session information encryption key (PassPhrase) configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey -#MOA-ID 2.0 Monitoring Servlet +#MOA-ID 3.x Monitoring Servlet configuration.monitoring.active=false configuration.monitoring.message.success=All Tests passed! configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/monitoring/monitoring_idl.xml -#MOA-ID 2.0 Advanced Logging +#MOA-ID 3.x Advanced Logging configuration.advancedlogging.active=false ##Webservice Client Configuration @@ -65,7 +65,7 @@ protocols.oauth20.jwt.ks.key.name=oauth protocols.oauth20.jwt.ks.key.password=password ##Database configuration## -#Hibnerate configuration for MOA-ID 2.0 session store +#Hibnerate configuration for MOA-ID 3.x session store moasession.hibernate.dialect=org.hibernate.dialect.MySQLDialect moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8 moasession.hibernate.connection.charSet=utf-8 @@ -86,7 +86,7 @@ moasession.hibernate.c3p0.max_size=20 moasession.hibernate.c3p0.max_statements=0 moasession.hibernate.c3p0.min_size=3 -#Hibnerate configuration for MOA-ID 2.0 configuration +#Hibnerate configuration for MOA-ID 3.x configuration configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect configuration.jpaVendorAdapter.generateDdl=true configuration.hibernate.show_sql=false @@ -109,7 +109,7 @@ configuration.dbcp.testWhileIdle=false configuration.dbcp.validationQuery=SELECT 1 # -#Hibnerate configuration for MOA-ID 2.0 advanced statistic logging +#Hibnerate configuration for MOA-ID 3.x advanced statistic logging advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQLDialect advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true advancedlogging.hibernate.connection.charSet=utf-8 -- cgit v1.2.3 From 1e66fa62ef2114aa412e4c207c8180c18aa07a0b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Apr 2016 06:22:13 +0200 Subject: fix bug in PVP2 assertion builder. - https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf does not allow 'NotBefore' attribute in when 'Method' contains 'urn:oasis:names:tc:SAML:2.0:cm:bearer' (see 554 - 560 chapter 4.1.4.2) --- .../moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 68301d000..483bcb1ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -436,7 +436,7 @@ public class PVP2AssertionBuilder implements PVPConstants { .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime())); - subjectConfirmationData.setNotBefore(date); +// subjectConfirmationData.setNotBefore(date); subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); -- cgit v1.2.3 From 41882a0c5601dda478c2749ac99c2087b864c912 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Apr 2016 07:48:40 +0200 Subject: change logLevel to warn --- .../java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index fd2e03afa..d87480cc1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -221,7 +221,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { Logger.warn(loggedException.getMessage(), loggedException); } else { - Logger.info(loggedException.getMessage()); + Logger.warn(loggedException.getMessage()); } } -- cgit v1.2.3 From 08c3ad78e9e6607a0f72dd89b052464f8655ebe2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Apr 2016 08:12:40 +0200 Subject: fix typo in default BKU-Selection template --- id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html | 4 ++-- id/server/doc/htmlTemplates/BKU-selection.html | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'id/server') diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index 02b86472b..6c70b57b3 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -37,13 +37,13 @@