Author: prabath
Date: Wed Mar 12 06:04:04 2008
New Revision: 14739
Log:
PAPE-related fixes
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDUtil.java
Wed Mar 12 06:04:04 2008
@@ -266,9 +266,9 @@
}
/**
- *
- * @param params
- * @return
+ * Extracts authentication policies from the PAPE request
+ * @param params OpenID parameter list
+ * @return Set of authentication policies as requested by PAPE request
* @throws IdentityProviderException
*/
public static String[] getRequestedAuthenticationPolicies(
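Review bot: The new `@return` text says "Set of authentication policies", but the method returns a `String[]`, and the implementation this presumably delegates to (`OpenIDPape`, later in this commit) hands back `null` when the request has no PAPE extension or lists no preferred policies; both call sites added in this commit null-check for exactly that. The Javadoc should say so: `@return the policies requested via PAPE, in request order, or null when the request carries no PAPE extension or no preferred policies`. The method signature continues past the end of the hunk.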
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/extensions/OpenIDPape.java
Wed Mar 12 06:04:04 2008
@@ -39,9 +39,7 @@
String profileName) throws IdentityProviderException {
MessageExtension message = null;
- // PapeRequest papeRequest = null;
PapeResponse papeResponse = null;
- // List preferredPolicies = null;
AuthRequest authRequest = null;
try {
@@ -49,24 +47,18 @@
message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);
if (message instanceof PapeRequest) {
- // papeRequest = (PapeRequest) message;
- // preferredPolicies =
- // papeRequest.getPreferredAuthPoliciesList();
papeResponse = PapeResponse.createPapeResponse();
- papeResponse.setNistAuthLevel(1);
- // TODO: papeResponse.setAuthAge(1);
-
- if (request.isPhishingResistanceLogin())
+ if (request.isPhishingResistanceLogin()) {
papeResponse
.setAuthPolicies(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT);
-
- if (request.isMultifactorLogin())
+ papeResponse.setNistAuthLevel(1);
+ }
+ if (request.isMultifactorLogin()) {
papeResponse
.setAuthPolicies(PapeMessage.PAPE_POLICY_MULTI_FACTOR);
+ papeResponse.setNistAuthLevel(2);
+ }
}
-
- // TODO:
-
} catch (MessageException e) {
throw new IdentityProviderException(
IdentityConstants.ErrorCodes.OPENID_RESP_GENERATION_FAILED,
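Review bot: When both `request.isPhishingResistanceLogin()` and `request.isMultifactorLogin()` hold, the second `papeResponse.setAuthPolicies(PapeMessage.PAPE_POLICY_MULTI_FACTOR)` and `setNistAuthLevel(2)` look like they replace, rather than extend, the values set two lines earlier, so the phishing-resistant policy would be silently dropped from the response; if the PapeResponse in use offers an additive `addAuthPolicy`, use it in both branches and set the NIST level once after both checks. When neither flag holds, the response is created with no `auth_policies` at all, whereas PAPE 1.0 expects an OP answering a PAPE request to return the explicit "none" policy so the RP can distinguish "no policy applied" from "extension ignored". The enclosing method starts before this hunk and continues after it, so how `papeResponse` is attached to the outgoing message is not visible here.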
@@ -77,7 +69,6 @@
}
/**
- *
* @param authRequest
* @return
* @throws IdentityProviderException
@@ -90,18 +81,20 @@
List preferredPolicies = null;
try {
+ if (authRequest.hasExtension(PapeMessage.OPENID_NS_PAPE)) {
+ message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);
- message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);
-
- if (message instanceof PapeRequest) {
- papeRequest = (PapeRequest) message;
- preferredPolicies = papeRequest.getPreferredAuthPoliciesList();
- return (String[]) preferredPolicies
- .toArray(new String[preferredPolicies.size()]);
+ if (message instanceof PapeRequest) {
+ papeRequest = (PapeRequest) message;
+ preferredPolicies = papeRequest
+ .getPreferredAuthPoliciesList();
+ if (preferredPolicies != null
+ && !preferredPolicies.isEmpty())
+ return (String[]) preferredPolicies
+ .toArray(new String[preferredPolicies.size()]);
+ }
}
-
return null;
-
} catch (MessageException e) {
throw new IdentityProviderException(
IdentityConstants.ErrorCodes.OPENID_RESP_GENERATION_FAILED,
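Review bot: `return null;` for the no-policies case forces every caller to null-check (both call sites added in this commit do), whereas `return new String[0];` would keep those callers' loops correct without the check and is the usual convention for "nothing requested"; existing `policies != null` checks would remain valid. The `MessageException` from reading the request extension is reported as `OPENID_RESP_GENERATION_FAILED`, which will mislead whoever reads the log — a request-parsing error code, if one exists, fits better, and make sure `e` is passed as the cause (the `throw` is cut off at the end of the hunk). `preferredPolicies` is a raw `List`; if the library declares it as `List<String>` the cast in `toArray` can go.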
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
Wed Mar 12 06:04:04 2008
@@ -16,6 +16,7 @@
import org.wso2.solutions.identity.IdentityProviderConstants;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.UserStore;
+import org.wso2.solutions.identity.openid.OpenIDUtil;
import org.wso2.solutions.identity.persistence.IPPersistenceManager;
import org.wso2.solutions.identity.persistence.dataobject.OpenIDUserRPDO;
import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
@@ -52,6 +53,7 @@
String user = null;
String infoCardSignin = null;
String rpUrl = null;
+ String[] policies = null;
context = ActionContext.getContext();
request = (HttpServletRequest) context.get(StrutsStatics.HTTP_REQUEST);
@@ -89,6 +91,23 @@
// User logs in with an information card
if (UserUtil.verifyInfoCardLogin(context, openID)) {
+ policies = OpenIDUtil
+ .getRequestedAuthenticationPolicies(requestParam);
+
+ if (policies != null) {
+ for (String policy : policies) {
+ if (policy
+
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR)) {
+ session
+ .setAttribute(
+
"multiFactorAuthenticationWithUsernamePassword",
+ "true");
+
response.sendRedirect("OpenIDAuthentication.action");
+ break;
+ }
+ }
+ }
+
populateUserProfiles(user, rpUrl);
// Okay - user used InfoCards to login - next when tries login
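Review bot: `response.sendRedirect("OpenIDAuthentication.action")` is followed only by `break`, not by a `return`, so after the redirect has been issued the action still runs `populateUserProfiles(user, rpUrl)` and whatever follows the hunk — judging by the comment `// Okay - user used InfoCards to login`, that is the code that completes the InfoCard login, even though the RP asked for multi-factor and the second factor has not been supplied yet. Return right after setting the session flag (whatever result the action uses for an already-committed response, e.g. `return NONE;`), or set a local flag and skip the remainder of the verification path. Only `MULTI_FACTOR` triggers the extra password step; a `MULTI_FACTOR_PHYSICAL` request falls through and is completed with the card alone, which is at least worth a comment. The enclosing method continues beyond the hunk, so the remaining verification steps are not visible here.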
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthenticationAction.java
Wed Mar 12 06:04:04 2008
@@ -20,7 +20,9 @@
public boolean multiFactorAuthentication;
- public boolean multifactPhysicalAuthentication;
+ public boolean multiFactorPhysicalAuthentication;
+
+ public boolean multiFactorAuthenticationWithUsernamePassword;
/**
* This will get executed during the user's authentication to the OpenID
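Review bot: The new `public boolean multiFactorAuthenticationWithUsernamePassword` field, like the renamed one next to it, exposes action state as a public mutable field even though a getter is added later in this commit; declare the fields `private` and keep the getters, so the only writer is the action's own session check. Depending on the Struts 2/OGNL version in use, publicly writable fields on an action may also be reachable through request-parameter population, which would let a client pre-set these flags — worth confirming, although from what is visible a forced `true` only changes which login panels are displayed.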
@@ -55,43 +57,52 @@
return ERROR;
}
- policies = OpenIDUtil.getRequestedAuthenticationPolicies(requestParam);
+ loadMessages();
- for (String policy : policies) {
+ if (session
+ .getAttribute("multiFactorAuthenticationWithUsernamePassword")
!= null) {
+ multiFactorAuthenticationWithUsernamePassword = true;
+ session
+
.removeAttribute("multiFactorAuthenticationWithUsernamePassword");
+ }
- if (policy
-
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.PHISHING_RESISTANCE))
{
- phishingResistanceAuthentication = true;
- }
+ if (!multiFactorAuthenticationWithUsernamePassword) {
+ return SUCCESS;
+ }
- if (policy
-
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR)) {
- multiFactorAuthentication = true;
- }
+ policies = OpenIDUtil.getRequestedAuthenticationPolicies(requestParam);
- if (policy
-
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR_PHYSICAL))
{
- multifactPhysicalAuthentication = true;
+ if (policies != null) {
+ for (String policy : policies) {
+ if (policy
+
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.PHISHING_RESISTANCE))
{
+ phishingResistanceAuthentication = true;
+ }
+ if (policy
+
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR)) {
+ multiFactorAuthentication = true;
+ }
+ if (policy
+
.equalsIgnoreCase(IdentityConstants.OpenId.PapeAttributes.MULTI_FACTOR_PHYSICAL))
{
+ multiFactorPhysicalAuthentication = true;
+ }
}
}
- loadMessages();
-
// Check whether the remember me option is set
Cookie[] cookies = request.getCookies();
- boolean remembereme = false;
+ boolean rememberme = false;
String openidurl = null;
String password = null;
String useInfoCard = null;
if (cookies != null) {
-
Cookie curCookie = null;
for (int x = 0; x < cookies.length; x++) {
curCookie = cookies[x];
if (curCookie.getName().equalsIgnoreCase("rememberme")) {
- remembereme = true;
+ rememberme = true;
} else if (curCookie.getName().equalsIgnoreCase("openid")) {
openidurl = curCookie.getValue();
} else if (curCookie.getName().equalsIgnoreCase("password")) {
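Review bot: The early exit `if (!multiFactorAuthenticationWithUsernamePassword) { return SUCCESS; }` runs before `OpenIDUtil.getRequestedAuthenticationPolicies(requestParam)` and before the cookie handling, so for an ordinary request (no session flag) `phishingResistanceAuthentication`, `multiFactorAuthentication` and `multiFactorPhysicalAuthentication` stay false and the view cannot react to what the RP asked for, and the remember-me path further down never runs; unless that is intended, move the policy parsing above the early return and keep only the session-flag logic behind it. Note also that the branch on `"password"` reads the user's password from a client-side cookie, which is a plaintext credential stored in the browser — pre-existing, but the new guards in this commit are built on top of it. The enclosing method continues beyond the hunk.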
@@ -103,13 +114,15 @@
}
}
- if (useInfoCard != null && useInfoCard.equals(openID)) {
+ if (useInfoCard != null && useInfoCard.equals(openID)
+ && !multiFactorAuthentication
+ && !multiFactorPhysicalAuthentication) {
response.sendRedirect("OpenIDSelfIssuedLogin.action");
return SUCCESS;
}
- if (remembereme && openidurl != null && openidurl.equals(openID)
- && password != null) {
+ if (rememberme && openidurl != null && openidurl.equals(openID)
+ && password != null && !phishingResistanceAuthentication) {
session.setAttribute("password", password);
response.sendRedirect("OpenIDAuthVerification.action");
}
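Review bot: The remember-me auto-login in `if (rememberme && openidurl != null && openidurl.equals(openID) && password != null && !phishingResistanceAuthentication)` is now skipped only for phishing-resistant requests; a multi-factor request can still be completed from the stored `password` cookie alone, which is a single remembered factor, unless that cookie is deliberately meant to count as the second factor after the InfoCard step. If not, extend the guard: `&& password != null && !phishingResistanceAuthentication && !multiFactorAuthentication && !multiFactorPhysicalAuthentication) {`. There is also no `return` after `response.sendRedirect("OpenIDAuthVerification.action")` within the hunk; if the method goes on to return SUCCESS and render the view after the response is committed, that is harmless but worth making explicit. The enclosing method continues beyond the hunk.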
@@ -125,7 +138,12 @@
return multiFactorAuthentication;
}
- public boolean isMultifactPhysicalAuthentication() {
- return multifactPhysicalAuthentication;
+ public boolean isMultiFactorPhysicalAuthentication() {
+ return multiFactorPhysicalAuthentication;
+ }
+
+ public boolean isMultiFactorAuthenticationWithUsernamePassword() {
+ return multiFactorAuthenticationWithUsernamePassword;
}
+
}
\ No newline at end of file
Modified:
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
Wed Mar 12 06:04:04 2008
@@ -81,22 +81,19 @@
<td><strong>Please sign
in to authenticate to <%=openidreturnto%>
as
<%=openididentity%>.</strong></td>
</tr>
+ <s:if
test="%{multiFactorPhysicalAuthentication}">
+ <tr>
+
<td><strong>Sorry, we do not support
+
Multi-Factor/Multi-Factor-Physical Authentication</strong></td>
+ </tr>
+ </s:if>
</table>
<%
}
%>
<table>
<tr>
- <s:if
test="%{multifactPhysicalAuthentication}">
- <td>
- <table
cellpadding="40">
- <tr>
-
<td><strong>Sorry, we do not support Multi-Factor-Physical
Authentication</strong></td>
- </tr>
- </table>
- </td>
- </s:if>
- <s:else>
+ <s:if
test="%{!(multiFactorPhysicalAuthentication)}">
<s:if
test="%{!phishingResistanceAuthentication}">
<td
width="40%">
<table
cellpadding="0" cellspacing="10" border="0"
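Review bot: The new message `Sorry, we do not support Multi-Factor/Multi-Factor-Physical Authentication` is rendered only when `multiFactorPhysicalAuthentication` is true, while a plain multi-factor request is handled elsewhere in this commit (InfoCard followed by username/password), so the text overstates what is unsupported; reword it to `Sorry, we do not support Multi-Factor-Physical Authentication`, as the removed block had it. Separately, `<%=openidreturnto%>` and `<%=openididentity%>` on the context lines are written into the page unescaped and presumably come from the OpenID request parameters; since this hunk is editing the same table, consider switching them to `<s:property>` (escapes by default) or an explicit HTML-escape.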
@@ -118,36 +115,37 @@
<td colspan="2"><s:submit value="Login" align="left"
cssClass="button" /></td>
</tr>
-
</table>
</td>
+ </s:if>
+ <s:if
+
test="%{!(multiFactorAuthenticationWithUsernamePassword ||
phishingResistanceAuthentication)}">
<td><img src="images/line-sep.png" height="150" width="2" /></td>
-
<td
valign="middle" align="center" width="5%"><strong>OR</strong></td>
-
<td><img src="images/line-sep.png" height="150" width="2" /></td>
-
</s:if>
- <td>
- <table
cellpadding="40">
- <tr>
-
<td><strong>Login with your self-issued
-
Information Card</strong>
-
<div><a href="OpenIDSelfIssuedLogin.action"
-
title="Login with your Information Card"><img
-
src="images/infocard_114x80.png" align="left"
-
style="margin-right: 10px;" border="0" /></a> you can only login
-
with a personal information card that you have already
-
registered. If you have not registered a personal information
-
card please first login with your username and password and
-
register a card.</div>
-
</td>
- </tr>
- </table>
- </td>
- </s:else>
+ <s:if
test="%{!(multiFactorAuthenticationWithUsernamePassword)}">
+ <td>
+ <table
cellpadding="40">
+
<tr>
+
<td><strong>Login with your self-issued
+
Information Card</strong>
+
<div><a href="OpenIDSelfIssuedLogin.action"
+
title="Login with your Information Card"><img
+
src="images/infocard_114x80.png" align="left"
+
style="margin-right: 10px;" border="0" /></a> you can only
+
login with a personal information card that you have already
+
registered. If you have not registered a personal information
+
card please first login with your username and password and
+
register a card.</div>
+
</td>
+
</tr>
+ </table>
+ </td>
+ </s:if>
+ </s:if>
</tr>
</table>
</s:form></td>
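Review bot: Hiding the username/password form behind `<s:if test="%{!phishingResistanceAuthentication}">` and the InfoCard panel behind `!(multiFactorAuthenticationWithUsernamePassword)` is presentation only; a client can still post to the verification action or open `OpenIDSelfIssuedLogin.action` directly, so the PAPE guarantees must be enforced in the actions, not here. The action-side check for the InfoCard short-cut is added in this commit, but I do not see one that rejects a password-only login while a phishing-resistant policy is in force — confirm that the PAPE response only asserts `PAPE_POLICY_PHISHING_RESISTANT` when the card path was actually taken. A JSP comment above the first `<s:if>` would keep the next editor from treating this as a security control: `<%-- display-only: PAPE policy enforcement lives in the OpenID*Action classes --%>`.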