add virtual hosting caps for login methods

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/client/OidcClientCallbackServiceImpl.java

@@ -128,7 +128,18 @@ public class OidcClientCallbackServiceImpl implements OidcClientCallbackService
 			AuthorizationCode code = successResponse.getAuthorizationCode();
 			flowState.setCode(code.getValue());
 
-			URI callback = new URI(rpConfig.getCallbackUrl());
+			String callbackUrl;
+			if (! rpConfig.getCallbackUrl().startsWith("https://")) {
+				/*
+				 * we are dealing with a relative acs endpoint. We have to build it with the called hostname;
+				 */
+				callbackUrl = "https://" + httpServletRequest.getServerName() + rpConfig.getCallbackUrl();
+			}
+			else {
+				callbackUrl = rpConfig.getCallbackUrl();
+			}
+
+			URI callback = new URI(callbackUrl);
 			AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callback);
 
 			ClientID clientID = new ClientID(rpConfig.getClientId());

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/client/OidcClientRedirectService.java

@@ -2,12 +2,13 @@ package edu.kit.scc.webreg.service.oidc.client;
 
 import java.io.Serializable;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import edu.kit.scc.webreg.service.saml.exc.OidcAuthenticationException;
 
 public interface OidcClientRedirectService extends Serializable {
 
-	void redirectClient(Long oidcRelyingPartyId, HttpServletResponse response) throws OidcAuthenticationException;
+	void redirectClient(Long oidcRelyingPartyId, HttpServletRequest request, HttpServletResponse response) throws OidcAuthenticationException;
 
 }

bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/client/OidcClientRedirectServiceImpl.java

@@ -6,6 +6,7 @@ import java.net.URISyntaxException;
 
 import javax.ejb.Stateless;
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
@@ -43,7 +44,7 @@ public class OidcClientRedirectServiceImpl implements OidcClientRedirectService
 	private OidcOpMetadataSingletonBean opMetadataBean;
 	
 	@Override
-	public void redirectClient(Long oidcRelyingPartyId, HttpServletResponse response) throws OidcAuthenticationException {
+	public void redirectClient(Long oidcRelyingPartyId, HttpServletRequest servletRequest, HttpServletResponse response) throws OidcAuthenticationException {
 		
 		OidcRpConfigurationEntity rpConfig = rpConfigDao.findById(oidcRelyingPartyId);
 		
@@ -51,12 +52,23 @@ public class OidcClientRedirectServiceImpl implements OidcClientRedirectService
 			throw new OidcAuthenticationException("relying party not configured");
 		}
 		
+		String callbackUrl;
+		if (! rpConfig.getCallbackUrl().startsWith("https://")) {
+			/*
+			 * we are dealing with a relative acs endpoint. We have to build it with the called hostname;
+			 */
+			callbackUrl = "https://" + servletRequest.getServerName() + rpConfig.getCallbackUrl();
+		}
+		else {
+			callbackUrl = rpConfig.getCallbackUrl();
+		}
+		
 		try {
 			URI authzEndpoint = opMetadataBean.getAuthorizationEndpointURI(rpConfig);
 			
 			ClientID clientID = new ClientID(rpConfig.getClientId());
 			Scope scope = new Scope(OIDCScopeValue.OPENID, OIDCScopeValue.PROFILE, OIDCScopeValue.EMAIL);
-			URI callback = new URI(rpConfig.getCallbackUrl());
+			URI callback = new URI(callbackUrl);
 			State state = new State();
 			Nonce nonce = new Nonce();
 			AuthenticationRequest request = new AuthenticationRequest.Builder(
@@ -74,7 +86,7 @@ public class OidcClientRedirectServiceImpl implements OidcClientRedirectService
 			flowState.setNonce(nonce.getValue());
 			rpFlowStateDao.persist(flowState);
 			
-			logger.info("Sending OIDC Client to uri: {}", requestURI);
+			logger.info("Sending OIDC Client to uri: {} with callback {}", requestURI, callbackUrl);
 			
 			response.sendRedirect(requestURI.toString());
 		} catch (URISyntaxException | IOException | ParseException e) {

bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/Saml2RedirectService.java

@@ -12,6 +12,7 @@ package edu.kit.scc.webreg.service.saml;
 
 import javax.enterprise.context.ApplicationScoped;
 import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@@ -47,17 +48,28 @@ public class Saml2RedirectService {
 	private SsoHelper ssoHelper;
 	
 	public void redirectClient(SamlIdpMetadataEntity idpEntity,
-			SamlSpConfigurationEntity spEntity, HttpServletResponse response) 
+			SamlSpConfigurationEntity spEntity, HttpServletRequest request, HttpServletResponse response) 
 					throws MessageEncodingException, ComponentInitializationException {
 
+		String acs;
+		if (! spEntity.getAcs().startsWith("https://")) {
+			/*
+			 * we are dealing with a relative acs endpoint. We have to build it with the called hostname;
+			 */
+			acs = "https://" + request.getServerName() + spEntity.getAcs();
+		}
+		else {
+			acs = spEntity.getAcs();
+		}
+		
 		EntityDescriptor entityDesc = samlHelper.unmarshal(
 				idpEntity.getEntityDescriptor(), EntityDescriptor.class);
 		SingleSignOnService sso = metadataHelper.getSSO(entityDesc, SAMLConstants.SAML2_REDIRECT_BINDING_URI);
 
 		AuthnRequest authnRequest = ssoHelper.buildAuthnRequest(
-				spEntity.getEntityId(), spEntity.getAcs(), SAMLConstants.SAML2_POST_BINDING_URI);
+				spEntity.getEntityId(), acs, SAMLConstants.SAML2_POST_BINDING_URI);
 
-		logger.debug("Sending client to idp {} endpoint {}", idpEntity.getEntityId(), sso.getLocation());
+		logger.debug("Sending client to idp {} endpoint {} and ACS {}", idpEntity.getEntityId(), sso.getLocation(), acs);
 
 		MessageContext<SAMLObject> messageContext = new MessageContext<SAMLObject>();
 		messageContext.setMessage(authnRequest);

bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/OidcClientRedirectHandlerServlet.java

@@ -62,7 +62,7 @@ public class OidcClientRedirectHandlerServlet implements Servlet {
 		}
 		
 		try {
-			redirectService.redirectClient(session.getOidcRelyingPartyId(), response);
+			redirectService.redirectClient(session.getOidcRelyingPartyId(), request, response);
 		} catch (OidcAuthenticationException e) {
 			throw new ServletException("Problems encountered: " + e.getMessage());
 		}

bwreg-webapp/src/main/java/edu/kit/scc/webreg/sec/Saml2RedirectLoginHandlerServlet.java

@@ -77,7 +77,7 @@ public class Saml2RedirectLoginHandlerServlet implements Servlet {
 			SamlIdpMetadataEntity idpEntity = idpService.findById(session.getIdpId());
 			SamlSpConfigurationEntity spEntity = spService.findById(session.getSpId());
 			
-			saml2RedirectService.redirectClient(idpEntity, spEntity, response);
+			saml2RedirectService.redirectClient(idpEntity, spEntity, request, response);
 
 		} catch (MessageEncodingException e) {
             throw new ServletException("Error encoding outgoing message", e);