Commit a620d966 authored by michael.simon's avatar michael.simon

Add oidc op hints to discovery login bean

parent 56bdd9fd
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.service.oidc;
import edu.kit.scc.webreg.entity.oidc.OidcClientConfigurationEntity;
import edu.kit.scc.webreg.service.BaseService;
public interface OidcClientConfigurationService extends BaseService<OidcClientConfigurationEntity, Long> {
}
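Review bot: The new interface carries no Javadoc, and neither does OidcClientConfigurationServiceImpl in the following file section, so a reader cannot tell from the declarations how an "OIDC client configuration" relates to the existing OidcRpConfigurationService that DiscoveryLoginBean also imports. Suggest a class comment such as `/** Service for {@link OidcClientConfigurationEntity}; CRUD operations are inherited from {@link BaseService}. */` on the interface and a matching one-liner on the impl. If these entities are the clients registered at reg-app's own OP (the OP login path sets them, the RP configuration is used for logins to an external OP), say so in that comment, since the naming alone does not make the distinction.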
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.service.oidc;
import javax.ejb.Stateless;
import javax.inject.Inject;
import edu.kit.scc.webreg.dao.BaseDao;
import edu.kit.scc.webreg.dao.oidc.OidcClientConfigurationDao;
import edu.kit.scc.webreg.entity.oidc.OidcClientConfigurationEntity;
import edu.kit.scc.webreg.service.impl.BaseServiceImpl;
@Stateless
public class OidcClientConfigurationServiceImpl extends BaseServiceImpl<OidcClientConfigurationEntity, Long> implements OidcClientConfigurationService {
private static final long serialVersionUID = 1L;
@Inject
private OidcClientConfigurationDao dao;
@Override
protected BaseDao<OidcClientConfigurationEntity, Long> getDao() {
return dao;
}
}
......@@ -132,16 +132,18 @@ public class OidcOpLoginImpl implements OidcOpLogin {
flowState.setValidUntil(new Date(System.currentTimeMillis() + (30L * 60L * 1000L)));
flowState = flowStateDao.persist(flowState);
session.setOidcFlowStateId(flowState.getId());
session.setOidcAuthnOpConfigId(opConfig.getId());
session.setOidcAuthnClientConfigId(clientConfig.getId());
if (identity != null) {
logger.debug("Client already logged in, sending to return page.");
session.setAuthnRequestId(flowState.getId());
return "/oidc/realms/" + opConfig.getRealm() + "/protocol/openid-connect/auth/return";
}
else {
logger.debug("Client session from {} not established. In order to serve client must login. Sending to login page.",
request.getRemoteAddr());
session.setAuthnRequestId(flowState.getId());
session.setOriginalRequestPath("/oidc/realms/" + opConfig.getRealm() + "/protocol/openid-connect/auth/return");
return "/welcome/index.xhtml";
}
......@@ -162,12 +164,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
identity = identityDao.findById(session.getIdentityId());
}
if (session.getAuthnRequestId() != null) {
if (session.getOidcFlowStateId() != null) {
if (identity == null) {
throw new OidcAuthenticationException("User ID missing.");
}
OidcFlowStateEntity flowState = flowStateDao.findById(session.getAuthnRequestId());
OidcFlowStateEntity flowState = flowStateDao.findById(session.getOidcFlowStateId());
if (flowState == null) {
throw new OidcAuthenticationException("Corresponding flow state not found.");
}
......
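Review bot: Both branches of the first hunk still call `session.setAuthnRequestId(flowState.getId())` (the line after each logger.debug), although the commit now stores that id in the new `oidcFlowStateId` and the second hunk reads it back from there instead. Leaving the OIDC flow-state id in the SAML-side `authnRequestId` field means any other code that tests `getAuthnRequestId() != null` to detect a pending SAML request would also fire for an OIDC login; whether such callers exist is outside this diff. If nothing still depends on it, drop the two `setAuthnRequestId` calls; if it is deliberate, a short comment explaining why the SAML field is reused would spare the next reader the same question. The enclosing methods start and end outside both hunks.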
......@@ -32,24 +32,38 @@ public class SessionManager implements Serializable {
private static final long serialVersionUID = 1L;
/*
* For SAML IDP logins triggered by SP
*/
private Long authnRequestId;
private Long authnRequestIdpConfigId;
private Long authnRequestSpMetadataId;
// identityId of the actual user
private Long identityId;
/*
* For OIDC OP logins triggered by RP
*/
private Long oidcFlowStateId;
private Long oidcAuthnOpConfigId;
private Long oidcAuthnClientConfigId;
/*
* For Local logins to home org SAML IDP
*/
private Long idpId;
private Long spId;
private String persistentId;
/*
* For Local logins to home org OIDC OP
*/
private Long oidcRelyingPartyId;
private String subjectId;
// identityId of the actual user
private Long identityId;
private Map<String, List<Object>> attributeMap;
private String persistentId;
private String subjectId;
private String originalRequestPath;
private String originalIdpEntityId;
......@@ -314,4 +328,28 @@ public class SessionManager implements Serializable {
public void setAuthnRequestSpMetadataId(Long authnRequestSpMetadataId) {
this.authnRequestSpMetadataId = authnRequestSpMetadataId;
}
public Long getOidcFlowStateId() {
return oidcFlowStateId;
}
public void setOidcFlowStateId(Long oidcFlowStateId) {
this.oidcFlowStateId = oidcFlowStateId;
}
public Long getOidcAuthnOpConfigId() {
return oidcAuthnOpConfigId;
}
public void setOidcAuthnOpConfigId(Long oidcAuthnOpConfigId) {
this.oidcAuthnOpConfigId = oidcAuthnOpConfigId;
}
public Long getOidcAuthnClientConfigId() {
return oidcAuthnClientConfigId;
}
public void setOidcAuthnClientConfigId(Long oidcAuthnClientConfigId) {
this.oidcAuthnClientConfigId = oidcAuthnClientConfigId;
}
}
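Review bot: The three new OIDC fields are written into the session but nothing in this section clears them, while the flow state they point to is only valid for 30 minutes (OidcOpLoginImpl sets validUntil to now + 30 min in the first file). If SessionManager has a reset or logout method that nulls the SAML-side authnRequest* fields, the oidc* fields should be added to it, otherwise a later updateIdpList() in DiscoveryLoginBean keeps resolving a stale OP/client pair from an expired flow; that method is not part of the diff, so this needs confirming. A one-line comment above the new accessors, `// OIDC OP flow: set by OidcOpLoginImpl, consumed by DiscoveryLoginBean`, would also document the producer/consumer pairing that is otherwise only discoverable by grepping.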
......@@ -30,11 +30,15 @@ import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlSpMetadataEntity;
import edu.kit.scc.webreg.entity.ServiceSamlSpEntity;
import edu.kit.scc.webreg.entity.oidc.OidcClientConfigurationEntity;
import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
import edu.kit.scc.webreg.entity.oidc.OidcRpConfigurationEntity;
import edu.kit.scc.webreg.service.SamlIdpConfigurationService;
import edu.kit.scc.webreg.service.SamlIdpMetadataService;
import edu.kit.scc.webreg.service.SamlSpConfigurationService;
import edu.kit.scc.webreg.service.SamlSpMetadataService;
import edu.kit.scc.webreg.service.oidc.OidcClientConfigurationService;
import edu.kit.scc.webreg.service.oidc.OidcOpConfigurationService;
import edu.kit.scc.webreg.service.oidc.OidcRpConfigurationService;
import edu.kit.scc.webreg.service.saml.FederationSingletonBean;
import edu.kit.scc.webreg.session.SessionManager;
......@@ -73,6 +77,12 @@ public class DiscoveryLoginBean implements Serializable {
@Inject
private SamlSpMetadataService spMetadataService;
@Inject
private OidcOpConfigurationService oidcOpConfigService;
@Inject
private OidcClientConfigurationService oidcClientConfigService;
private List<FederationEntity> federationList;
private List<SamlIdpMetadataEntity> idpList;
private FederationEntity selectedFederation;
......@@ -83,9 +93,21 @@ public class DiscoveryLoginBean implements Serializable {
private String filter;
/*
* Login came from SAML SP.
* spMetadata holds metadata of requester
* idpConfig is the IDP on reg-app side, which was requested
*/
private SamlSpMetadataEntity spMetadata;
private SamlIdpConfigurationEntity idpConfig;
/*
* Login came from OIDC RP.
*
*/
private OidcOpConfigurationEntity opConfig;
private OidcClientConfigurationEntity clientConfig;
private Boolean initialized = false;
public void preRenderView(ComponentSystemEvent ev) {
......@@ -157,15 +179,19 @@ public class DiscoveryLoginBean implements Serializable {
public void updateIdpList() {
if (selectedFederation == null) {
if (sessionManager.getAuthnRequestIdpConfigId() == null && sessionManager.getAuthnRequestSpMetadataId() == null) {
if (sessionManager.getOidcAuthnOpConfigId() != null &&
sessionManager.getOidcAuthnClientConfigId() != null) {
/*
* reg-app login directly called
* reg-app login called via OIDC relying party
*/
opConfig = oidcOpConfigService.findById(sessionManager.getOidcAuthnOpConfigId());
clientConfig = oidcClientConfigService.findById(sessionManager.getOidcAuthnClientConfigId());
idpList = federationBean.getAllIdpList();
}
else {
else if (sessionManager.getAuthnRequestIdpConfigId() != null &&
sessionManager.getAuthnRequestSpMetadataId() != null) {
/*
* reg-app login called via service provider/ relying party
* reg-app login called via SAML service provider
*/
idpConfig = idpConfigService.findById(sessionManager.getAuthnRequestIdpConfigId());
spMetadata = spMetadataService.findById(sessionManager.getAuthnRequestSpMetadataId());
......@@ -178,6 +204,12 @@ public class DiscoveryLoginBean implements Serializable {
}
}
}
else {
/*
* reg-app login directly called
*/
idpList = federationBean.getAllIdpList();
}
}
else {
idpList = federationBean.getIdpList(selectedFederation);
......@@ -268,4 +300,12 @@ public class DiscoveryLoginBean implements Serializable {
return idpConfig;
}
public OidcOpConfigurationEntity getOpConfig() {
return opConfig;
}
public OidcClientConfigurationEntity getClientConfig() {
return clientConfig;
}
}
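Review bot: In updateIdpList() the results of `oidcOpConfigService.findById(...)` and `oidcClientConfigService.findById(...)` are assigned to opConfig and clientConfig without a null check, so a session carrying a stale or deleted id yields NullPointerExceptions wherever the view dereferences getOpConfig()/getClientConfig(), while the branch still hands out getAllIdpList() for an unresolved client; the SAML branch below has the same shape, so this may be accepted style, but the new branch should at least guard with `if (opConfig == null || clientConfig == null)` and fall back to the direct-login branch. The restructured if / else-if / else also routes a session with only one of the two OIDC (or SAML) ids set into the "reg-app login directly called" branch without any diagnostic, whereas the old `== null && == null` test made that state explicit. Separately, the field comment `/* Login came from OIDC RP. * */` is left with an empty line where the SAML block above documents each field; suggest `* clientConfig holds the configuration of the requesting RP` and `* opConfig is the OP on reg-app side, which was requested`. updateIdpList() continues past the end of the hunk.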
......@@ -492,7 +492,7 @@ value=Wert
version=Version
warning=Warnung
welcome=Willkommen
welcome_disco=Um die Landesdienste nutzen zu k\u00F6nnen, ben\u00F6tigen Sie ein g\u00FCltiges Benutzerkonto bei einer der unten aufgef\u00FChrten Organisationen. W\u00E4hlen Sie dort die Organisation aus, an der Sie beheimatet sind und klicken Sie auf "Fortfahren".
welcome_disco=Um die f\u00F6derierten Dienste nutzen zu k\u00F6nnen, ben\u00F6tigen Sie ein g\u00FCltiges Benutzerkonto bei einer der unten aufgef\u00FChrten Organisationen. W\u00E4hlen Sie dort die Organisation aus, an der Sie beheimatet sind und klicken Sie auf "Fortfahren".
welcome_head=F\u00F6derierte Dienste - Registrierung
welcome_register=Sie nutzen die f\u00F6derierten Dienste zum ersten Mal. Um fortzufahren m\u00FCssen personenbezogene Daten von Ihnen verarbeitet und gespeichert werden. Diese Daten wurden von Ihrer Heimatorganisation \u00FCbermittelt und werden dort verwaltet. Ohne Ihre Zustimmung zur Datenverarbeitung und Speicherung ist die Nutzung der Dienste nicht m\u00F6glich.\n<br/><br/>\nDiese personenbezogene Daten enthalten ein Identifikationsmerkmal, das der Anwendung erlaubt, Sie wiederzuerkennen. Dieses Merkmal wird dar\u00FCberhinaus dazu verwendet, um die Zugangsrechte zu den Diensten periodisch, oder bei Benutzung zu pr\u00FCfen
welcome_sns_guest=Willkommen bei der Sync&Share Gast Registrierung. Bitte lesen und akzeptieren Sie die Nutzungsbedingungen und f\u00FCllen Sie das untenstehende Formular aus, um Ihren Account zu aktivieren.
......
......@@ -492,7 +492,7 @@ value=Value
version=Version
warning=Warning
welcome=Welcome
welcome_disco=In order to use bwServices you'll need a valid user account with one of the following orgaisations. Please choose your home organization from the list and click on "Continue".
welcome_disco=In order to use federated services you'll need a valid user account with one of the following orgaisations. Please choose your home organization from the list and click on "Continue".
welcome_head=bwServices - Registration
welcome_register=You are using bwServices for the first time. In order to continue your personal data has to be processed and stored.\n<br/><br/>\nThis application will store a identification handle which will allow it, to recognize you on your next visit. This handle is also used to check access rights to the services you are using, when you are using them, or periodically
welcome_sns_guest=Welcome to the sync and share guest registration. Please read and accept the agreement and fill in the form to activate your account.
......