From 3974cdadf7e40ce7fd6b2bc7e067dc77ab51ee0b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 20 Mar 2014 15:54:11 +0100 Subject: add SAML1 sourceID received from StartAuthentication request --- id/server/doc/handbook/protocol/protocol.html | 5 +++++ .../moa/id/protocols/saml1/GetArtifactAction.java | 9 ++++++++- .../moa/id/protocols/saml1/SAML1AuthenticationServer.java | 4 ++-- .../gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java | 12 +++++++++++- 4 files changed, 26 insertions(+), 4 deletions(-) (limited to 'id') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 450df0aad..ebe0dbdca 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -1083,6 +1083,11 @@ Folgende Parameter m BE, SI, Optional: Gibt an ob die Anmeldung mittels STORK im angegebenen Land erfolgen soll. Die Angabe erfolgt mit dem Ländercode (Bsp: PT, LU, ES, ...) des jeweiligen Landes. + + sourceID=<xxxxxxx> + abcdef141245 + Optional: Die sourceID fließt in die Genierung des SAML1 Artifacts, welches an den Service Provider returniert wird, ein. Detailinformationen zur Genierierung des SAML1 Artifacts und zur sourceID finden Sie in der SAML1 Spezifikation. +

3.4 GetAuthenticationData Request

Nach erfolgter Authentisierung stehen in MOA-ID-AUTH Anmeldedaten zum Abholen bereit, und MOA-ID-AUTH veranlasst einen Redirect zur Online-Applikation (OA).
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index c22f6d25f..c337433b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -52,6 +52,13 @@ public class GetArtifactAction implements IAction { String oaURL = (String) req.getOAURL(); String target = (String) req.getTarget(); + String sourceID = null; + if (req instanceof SAML1RequestImpl) { + SAML1RequestImpl saml1req = (SAML1RequestImpl) req; + sourceID = saml1req.getSourceID(); + + } + try { @@ -84,7 +91,7 @@ public class GetArtifactAction implements IAction { Logger.info("MOA assertion assembled and SAML Artifact generated."); } - String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID); if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { String url = "RedirectServlet"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 7c91026bf..6391860ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -165,7 +165,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { public String BuildSAMLArtifact(AuthenticationSession session, OAAuthParameter oaParam, - AuthenticationData authData) + AuthenticationData authData, String sourceID) throws ConfigurationException, BuildException, AuthenticationException { //Load SAML1 Parameter from OA config @@ -326,7 +326,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String samlArtifact = new SAMLArtifactBuilder().build( session.getAuthURL(), Random.nextRandom(), - saml1parameter.getSourceID()); + sourceID); storeAuthenticationData(samlArtifact, authData); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index ada0bfa8f..b6a2ac0b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -82,7 +82,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { - RequestImpl config = new RequestImpl(); + SAML1RequestImpl config = new SAML1RequestImpl(); if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { Logger.info("SAML1 is deaktivated!"); @@ -96,6 +96,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { String target = (String) request.getParameter(PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); + String sourceID = request.getParameter(PARAM_SOURCEID); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + //the target parameter is used to define the OA in SAML1 standard if (target != null && target.startsWith("http")) { oaURL = target; @@ -112,10 +115,15 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + config.setOAURL(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + + //load Target only from OA config OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaURL); @@ -131,6 +139,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { new Object[] { oaURL }); } + config.setSourceID(sourceID); + config.setTarget(oaParam.getTarget()); // request.getSession().setAttribute(PARAM_OA, oaURL); -- cgit v1.2.3