From a0f9ce4fcc9860acdf5fa0a4c23728c0bd0e1077 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 30 Oct 2014 09:16:20 +0100
Subject: set PVP SP metadata wantAssertionSigned=false
---
 .../java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index dbf54951f..0a8a6a581 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -194,7 +194,7 @@ public class MetadataAction implements IAction {
 .createSAMLObject(SPSSODescriptor.class);
 spSSODescriptor.setAuthnRequestsSigned(true);
- spSSODescriptor.setWantAssertionsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(false);
 //Set AuthRequest Signing certificate
-- cgit v1.2.3
From 915aaa6beeb1ca911ab8d557a6c162b84e107f9e Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 30 Oct 2014 09:17:58 +0100
Subject: if no PVP EID-SECTOR-FOR-IDENTIFIER attribute is found, parse target from bPK attribute value prefix
---
 .../id/auth/builder/AuthenticationDataBuilder.java | 24 ++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 48933d5c9..5c0e497a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
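Review bot: `setWantAssertionsSigned(false)` only changes what the published SP metadata declares; it does not by itself decide whether an unsigned assertion is accepted, so the protection now rests on the SP's response processing still requiring a signature on the Response or on the Assertion. That verification code is not part of this hunk, so I cannot confirm it from the diff. Record the reason for relaxing the declaration at the changed line, e.g. `//wantAssertionsSigned=false: the signature requirement must still be enforced on the Response or the Assertion during response verification`. The enclosing method starts and ends outside the hunk.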
@@ -364,8 +364,28 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
 if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
- String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
- authData.setBPK(pvpbPK.split(":")[1]);
+ String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME);
+ String[] spitted = pvpbPK.split(":");
+ authData.setBPK(spitted[1]);
+ if (MiscUtil.isEmpty(authData.getBPKType())) {
+ Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " + + "Starting target extraction from bPK/wbPK prefix ...");
+ //exract bPK/wbPK type from bpk attribute value prefix if type is
+ //not transmitted as single attribute
+ Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?");
+ Matcher matcher = pattern.matcher(spitted[0]);
+ if (matcher.matches()) {
+ //find public service bPK
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]);
+ Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType());
+
+ } else {
+ //find business service wbPK
+ authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]);
+ Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType());
+
+ }
+ }
 }
 boolean foundEncryptedbPKForOA = false;
-- cgit v1.2.3
From 1dd834817623fec5d7cb4055627ba86ed057f9f7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 30 Oct 2014 09:18:25 +0100
Subject: update PVPRole to ECRole mapping
---
 .../resources/resources/properties/pvp-stork_role_mapping.properties | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
index 5bcfc7bd2..91a19f272 100644
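Review bot: `spitted[1]` and the new `spitted[0]` are read without checking `spitted.length`, so a bPK attribute value without a `:` separator throws an ArrayIndexOutOfBoundsException out of the builder instead of being reported as a malformed attribute; the removed line had the same `[1]` access, but the new prefix parsing builds on it. Check the length first, `if (spitted.length < 2) { /* reject the value through this method's existing error path */ }`, and only then index. The `else` branch also labels any prefix that does not match `[a-zA-Z]{2}(-[a-zA-Z]+)?` as a wbPK identifier without validating its format, so the `"Found wbPK prefix"` log line is optimistic; either add a format check or a comment stating that none is performed. Minor: `spitted` → `parts`, `//exract` → `//extract`, and the `Pattern` could be a `static final` field. The enclosing method starts and ends outside the hunk.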
--- a/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/pvp-stork_role_mapping.properties
@@ -1,2 +1,2 @@
-xxpvprole=CIRCABC/viewer
-yypvprole=CIRCABC/admin
\ No newline at end of file
+viewer=CIRCABC/viewer
+CIRCABC/viewer=CIRCABC/viewer
\ No newline at end of file
-- cgit v1.2.3
From 3529603a9c841f5554f390bab02032e2950cf2d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 30 Oct 2014 09:18:59 +0100
Subject: remove unused depentencies
---
 id/ConfigWebTool/pom.xml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'id')
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index ec027b497..18bd1306b 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -83,16 +83,20 @@ at.gv.util egovutils - 1.0.7 + 2.0.0 - com.sun + org.apache.cxf * org.slf4j * + + bcprov-jdk16 + bouncycastle + + + com.sun.xml.rpc + jaxrpc-impl + 1.1.3_01 + + + javax.mail mail
@@ -382,6 +390,10 @@ bcprov-jdk16 org.bouncycastle + + jaxws-tools + com.sun.xml.ws +
-- cgit v1.2.3
From 1d17cc2cb30c5ad9f419b7d619805e3823283acc Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 10:23:40 +0100
Subject: fix STORK DateFormat
---
 .../moa/id/protocols/stork2/MOAAttributeProvider.java | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 021eaee37..88c0e3245 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -36,12 +36,17 @@ import eu.stork.peps.auth.commons.STORKStatusCode;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import org.joda.time.format.DateTimeFormat;
+import org.joda.time.format.DateTimeFormatter;
+
 import javassist.expr.Instanceof;
 /**
@@ -132,9 +137,11 @@ public class MOAAttributeProvider {
 }
 private String getFormatedDateOfBirth() {
- if (authData.getDateOfBirth() != null)
- return authData.getFormatedDateOfBirth();
+ if (authData.getDateOfBirth() != null) {
+ DateFormat fmt = new SimpleDateFormat("yyyyMMdd");
+ return fmt.format(authData.getDateOfBirth());
+ } else
 return null;
-- cgit v1.2.3
From a12bbb135540bd2b62e4a8d6f4614dd1dbe5ea12 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 10:36:06 +0100
Subject: change PVP attribute provider logging
---
 .../id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 7c2476b3d..b301b6e5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
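Review bot: The two added `org.joda.time.format` imports (`DateTimeFormat`, `DateTimeFormatter`) are not used by the other change in this commit, which formats with `java.text.SimpleDateFormat` in `getFormatedDateOfBirth`, so as far as the diff shows they are unused imports that pull a Joda-Time compile dependency into this class. Either drop them or use them in place of `SimpleDateFormat`.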
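Review bot: `new SimpleDateFormat("yyyyMMdd")` formats with the JVM default locale and time zone, so the output depends on the host: a default locale with a non-Gregorian calendar changes the year digits, and a `Date` holding midnight in another zone can format as the previous day. Pin the locale, `DateFormat fmt = new SimpleDateFormat("yyyyMMdd", Locale.ENGLISH);` (needs `import java.util.Locale;`), and set the formatter's time zone to the one `authData.getDateOfBirth()` is constructed in, which is not visible here. The brace-less `} else` followed by `return null;` would read more clearly as an unconditional `return null;` after the closed if-block. The enclosing method ends outside the hunk.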
@@ -265,9 +265,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 } catch (PVP2Exception e) {
- Logger.error(
+ Logger.warn(
 "Attribute generation failed! for "
- + reqAttribut.getFriendlyName(), e);
+ + reqAttribut.getFriendlyName());
 if (reqAttribut.isRequired()) {
 throw new UnprovideableAttributeException(
 reqAttribut.getName());
-- cgit v1.2.3
From d624a3ec33b8e3a4e80aa64f05caa8df5d1fcb42 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 11:11:29 +0100
Subject: fix MOA-IDP stored twince
---
 .../moa/id/configuration/struts/action/BasicOAAction.java | 12 +++++++-----
 .../moa/id/configuration/struts/action/EditOAAction.java | 2 +-
 .../struts/action/InterfederationIDPAction.java | 2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)
(limited to 'id')
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 415e1c957..5a9787069 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -142,7 +142,7 @@ public class BasicOAAction extends BasicAction {
 session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
 }
- protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication ) throws BasicOAActionException {
+ protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException {
 if (onlineapplication == null) {
 onlineapplication = new OnlineApplication();
 onlineapplication.setIsNew(true);
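Review bot: The new `Logger.warn` call drops the caught `PVP2Exception e` that the replaced `Logger.error` call passed as the throwable argument, so the cause of a failed attribute is no longer recorded anywhere; the `UnprovideableAttributeException(reqAttribut.getName())` thrown below for required attributes does not carry it either. Lowering the level for optional attributes is fine, but keep the exception on the log call: `Logger.warn("Attribute generation failed! for " + reqAttribut.getFriendlyName(), e);`. The enclosing try/catch starts outside the hunk.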
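Review bot: The new `boolean persistOA` parameter on `postProcessSaveOnlineApplication` has no documentation, and at the call sites in this commit (`..., true)` in EditOAAction, `..., false)` in InterfederationIDPAction) the bare literal does not say what is skipped. Add a Javadoc `@param persistOA whether the OnlineApplication is written to the database; when false the form data is applied to the object but nothing is saved` — that is what the `if (persistOA)` guards in `saveOAConfigToDatabase` appear to do. The method body continues past the hunk.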
@@ -186,7 +186,7 @@ public class BasicOAAction extends BasicAction {
 }
 //save OA configuration
- String error = saveOAConfigToDatabase(onlineapplication);
+ String error = saveOAConfigToDatabase(onlineapplication, persistOA);
 if (MiscUtil.isNotEmpty(error)) {
 log.warn("OA configuration can not be stored!");
 addActionError(error);
@@ -395,7 +395,7 @@ public class BasicOAAction extends BasicAction {
 }
 }
- private String saveOAConfigToDatabase(OnlineApplication dboa) {
+ private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) {
 for (IOnlineApplicationData form : formList.values()) form.store(dboa, authUser, request);
@@ -412,12 +412,14 @@ public class BasicOAAction extends BasicAction {
 ConfigurationDBUtils.saveOrUpdate(user);
 } else {
- ConfigurationDBUtils.save(dboa);
+ if (persistOA)
+ ConfigurationDBUtils.save(dboa);
 }
 } else
- ConfigurationDBUtils.saveOrUpdate(dboa);
+ if (persistOA)
+ ConfigurationDBUtils.saveOrUpdate(dboa);
 } catch (MOADatabaseException e) {
 log.warn("Online-Application can not be stored.", e);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 4cd556b75..1da948eec 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -217,7 +217,7 @@ public class EditOAAction extends BasicOAAction {
 } else {
 try {
- onlineapplication = postProcessSaveOnlineApplication(onlineapplication);
+ onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true);
 } catch (BasicOAActionException e) {
 addActionError(e.getStrutsError());
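Review bot: Both new `if (persistOA)` guards in `saveOAConfigToDatabase` (hunk @@ -412) are brace-less single statements, and the second is itself the body of a brace-less `else`, yielding `} else if (persistOA) ConfigurationDBUtils.saveOrUpdate(dboa);` spread over three lines — easy to misread and fragile when a statement is added later; wrap both in braces. When `persistOA` is false the `form.store(dboa, authUser, request)` loop at the top of the method (hunk @@ -395) has already mutated `dboa` and, as far as the hunk shows, no error is returned, so the caller receives a modified but unsaved object with nothing in the log; a `log.debug("persistOA is false, OnlineApplication is not stored")` in the skipped branch would make that visible. The method continues outside the hunk.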
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 89dce3200..b92b17217 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -265,7 +265,7 @@ public class InterfederationIDPAction extends BasicOAAction {
 return Constants.STRUTS_ERROR_VALIDATION;
 } else {
- onlineapplication = postProcessSaveOnlineApplication(onlineapplication);
+ onlineapplication = postProcessSaveOnlineApplication(onlineapplication, false);
 //set default Target interfederated nameID caluclation
 if (getPvp2OA() != null) {
-- cgit v1.2.3
From b42d6aae70054772610da6b2d8d11d3377bed340 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 12:10:53 +0100
Subject: fix problem with MOA-IDP database updates
---
 .../moa/id/configuration/struts/action/InterfederationIDPAction.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'id')
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index b92b17217..eead280be 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -263,9 +263,10 @@ public class InterfederationIDPAction extends BasicOAAction {
 formID = Random.nextRandom();
 session.setAttribute(Constants.SESSION_FORMID, formID);
 return Constants.STRUTS_ERROR_VALIDATION;
-
+
 } else {
- onlineapplication = postProcessSaveOnlineApplication(onlineapplication, false);
+ onlineapplication = postProcessSaveOnlineApplication(onlineapplication,
+ !(this instanceof MOAIDPAction));
 //set default Target interfederated nameID caluclation
 if (getPvp2OA() != null) {
-- cgit v1.2.3
From 13de12ab236a552e40a5b429d584d1e928d98fea Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 12:49:46 +0100
Subject: exclude log4j-over-slf4j
---
 id/oa/pom.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'id')
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index d5b3de522..93993c8a4 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -79,10 +79,22 @@ org.opensaml opensaml + + + org.slf4j + log4j-over-slf4j + + org.opensaml xmltooling + + + org.slf4j + log4j-over-slf4j + + javax.servlet
-- cgit v1.2.3
From c669d1660fc96dd797929daeb23ec5dd9c44ee3c Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 13:01:56 +0100
Subject: remove debug code
---
 .../at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 88c0e3245..5dcff3707 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
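Review bot: `!(this instanceof MOAIDPAction)` lets a base action decide whether to persist by testing its own runtime subtype, which couples InterfederationIDPAction to one subclass (presumably MOAIDPAction extends it) and silently applies to any further subclass of MOAIDPAction as well. A protected hook expresses the intent without the type test: `protected boolean persistOnlineApplication() { return true; }` here, overridden in MOAIDPAction to return false, and `postProcessSaveOnlineApplication(onlineapplication, persistOnlineApplication())` at the call. The commit message gives the motivation ("MOA-IDP database updates") but the code does not; a one-line comment at the call saying why the MOA-IDP entry must not be stored here would help. The enclosing method starts and ends outside the hunk.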
@@ -121,7 +121,7 @@ public class MOAAttributeProvider {
 private List getECApplicationRole() {
 List storkRoles = null;
- if (true || authData.getAuthenticationRoles() != null
+ if (authData.getAuthenticationRoles() != null
 && authData.getAuthenticationRoles().size() > 0) {
 storkRoles = new ArrayList();
-- cgit v1.2.3
From 2886006ba2ca141377e66a330df5fc52797c2755 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Oct 2014 13:56:47 +0100
Subject: fix STORK dateOfBirth attribute
---
 .../at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'id')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 5dcff3707..aaded0ce6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -70,7 +70,7 @@ public class MOAAttributeProvider {
 Map tempFunctionMap = new HashMap();
 tempFunctionMap.put("eIdentifier", "geteIdentifier");
 tempFunctionMap.put("ECApplicationRole","getECApplicationRole");
- tempSimpleMap.put("dateOfBirth", "getFormatedDateOfBirth");
+ tempFunctionMap.put("dateOfBirth", "getFormatedDateOfBirth");
 storkAttributeFunctionMapping = Collections.unmodifiableMap(tempFunctionMap);
 }
-- cgit v1.2.3
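Review bot: With the `true ||` removed, the condition on the changed line can be written `authData.getAuthenticationRoles() != null && !authData.getAuthenticationRoles().isEmpty()` instead of `.size() > 0`; the neighbouring `List storkRoles = null;` and `new ArrayList()` are raw types that could carry the element type (not visible in the hunk). The method continues outside the hunk.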
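Review bot: `"getFormatedDateOfBirth"` is referenced as a string in `storkAttributeFunctionMapping`, so renaming the method (or fixing the `Formated` spelling) compiles cleanly and breaks the dateOfBirth attribute at runtime — the same class of silent mismatch as the `tempSimpleMap`/`tempFunctionMap` slip this commit fixes. Add `// Invoked by name via storkAttributeFunctionMapping; keep both in sync` at the `getFormatedDateOfBirth` declaration, and consider a unit test that resolves every mapped method name reflectively. The static initializer continues outside the hunk.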