diff --git a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpStaticLoginProcessor.java b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpStaticLoginProcessor.java
index e8a0c63973472a7d6c6e30e8a23da1fb58aad307..dfa065d5773940bae383977666d0e6e6c9a05a53 100644
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpStaticLoginProcessor.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpStaticLoginProcessor.java
@@ -366,7 +366,9 @@ public class OidcOpStaticLoginProcessor extends AbstractOidcOpLoginProcessor {
 invocable.invokeFunction("resolveAttributes", scriptingEnv, attributeBuilder, attributeResolver, attributeRelease, identity, user, registry, logger, flowState, consumerConfig, opConfig);
- } catch (NoSuchMethodException | ScriptException e) {
+ } catch (NoSuchMethodException e) {
+ logger.info("Skipping resolveAttributes method. It's not defined.");
+ } catch (ScriptException e) {
 logger.warn("Script execution failed. Continue with other scripts.", e);
 }
 } else {
@@ -397,7 +399,9 @@ public class OidcOpStaticLoginProcessor extends AbstractOidcOpLoginProcessor {
 invocable.invokeFunction(methodName, scriptingEnv, claimsBuilder, user, registry, serviceOidcClient.getService(), logger, identity);
- } catch (NoSuchMethodException | ScriptException e) {
+ } catch (NoSuchMethodException e) {
+ logger.info("Skipping " + methodName + " method. It's not defined.");
+ } catch (ScriptException e) {
 logger.warn("Script execution failed. Continue with other scripts.", e);
 }
 } else {
diff --git a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlIdpServiceImpl.java b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlIdpServiceImpl.java
index 00f764f185f7e4b40a5225918c3b4a3804908432..3ff1f510e7fb9ef26f19b076a6f5429d232d2849 100644
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlIdpServiceImpl.java
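Review bot: The new info-level message in the `NoSuchMethodException` branch does not say which script lacked the function, so when several scripts run (the warn branch itself says "Continue with other scripts") the line cannot be attributed to a consumer config; the same applies to the second hunk at line 397. Including the script's identifier is worth it, and if this logger is SLF4J, as the `{}` placeholders in SamlIdpServiceImpl in this same commit suggest, the parameterized form also removes the concatenation in the 397 hunk: `logger.info("Skipping {} method. It's not defined.", methodName);`. The enclosing method and whatever loop selects the script start outside the hunk, so the variable holding the script name is not visible here. Splitting the two exceptions is otherwise the right call: a function that throws inside the script still lands in the `ScriptException` branch with its stack trace.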
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/saml/SamlIdpServiceImpl.java
@@ -200,7 +200,7 @@ public class SamlIdpServiceImpl implements SamlIdpService {
 SamlSpMetadataEntity spMetadata = spDao.findByEntityId(authnRequest.getIssuer().getValue());
 logger.debug("Corresponding SP found in Metadata: {}", spMetadata.getEntityId());
 authnRequestEntity.setSpMetadata(spMetadata);
-
+
 List<ServiceSamlSpEntity> serviceSamlSpEntityList = serviceSamlSpDao.findBySamlSp(spMetadata);
 if (serviceSamlSpEntityList.size() == 0) {
@@ -461,7 +461,12 @@ public class SamlIdpServiceImpl implements SamlIdpService {
 X509Data x509Data = keyInfo.getX509Datas().get(0);
 org.opensaml.xmlsec.signature.X509Certificate x509cert = x509Data.getX509Certificates().get(0);
 String cert = x509cert.getValue();
- Encrypter enc = buildEncrypter(cert, messageContext, spMetadata.getEntityId());
+
+ final String dataEncAlgo = spMetadata.getGenericStore().getOrDefault("enc_algo",
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
+ final String keyTransAlgo = spMetadata.getGenericStore().getOrDefault("key_transport_algo",
+ EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
+ Encrypter enc = buildEncrypter(cert, messageContext, spMetadata.getEntityId(), dataEncAlgo, keyTransAlgo);
 try {
 return enc.encrypt(assertion);
 } catch (EncryptionException e) {
@@ -469,8 +474,8 @@ public class SamlIdpServiceImpl implements SamlIdpService {
 }
 }
- private Encrypter buildEncrypter(String cert, MessageContext messageContext, String spEntityId)
- throws SamlAuthenticationException {
+ private Encrypter buildEncrypter(String cert, MessageContext messageContext, String spEntityId, String dataEncAlgo,
+ String keyTransAlgo) throws SamlAuthenticationException {
 try {
 byte[] decodedCert = Base64.decodeBase64(cert);
 CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
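Review bot: The algorithm URIs read from `spMetadata.getGenericStore()` under `enc_algo` and `key_transport_algo` go straight into `buildEncrypter` and from there into `setDataEncryptionAlgorithm`/`setKeyTransportEncryptionAlgorithm` (hunk at line 483) without being checked against a set of accepted values. An unsupported URI only surfaces as the `EncryptionException` caught after `enc.encrypt`, but a weaker URI the library still accepts — RSA-v1.5 key transport, `EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15`, is the usual example — would silently downgrade assertion encryption for that one SP, and an empty-string entry bypasses `getOrDefault` altogether. Resolving both values through a helper that falls back to the default for absent or blank entries and rejects anything outside an explicit allow-list keeps the per-SP override while failing closed; the sketch below assumes `getGenericStore()` is a `Map<String, String>` (which `getOrDefault` suggests) and that `SamlAuthenticationException` has a message constructor, so adjust to the real signatures. Logging the two chosen URIs at debug, as the existing "Corresponding SP found" line does for the entity id, would make any downgrade visible in the logs.
```java
String cert = x509cert.getValue();

final Map<String, String> store = spMetadata.getGenericStore();
final String dataEncAlgo = resolveAlgorithm(store, "enc_algo",
		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128, ALLOWED_DATA_ENC_ALGOS);
final String keyTransAlgo = resolveAlgorithm(store, "key_transport_algo",
		EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, ALLOWED_KEY_TRANSPORT_ALGOS);
logger.debug("Encrypting assertion for {} with data algorithm {} and key transport {}",
		spMetadata.getEntityId(), dataEncAlgo, keyTransAlgo);
Encrypter enc = buildEncrypter(cert, messageContext, spMetadata.getEntityId(), dataEncAlgo, keyTransAlgo);
// … unchanged: try { return enc.encrypt(assertion); } catch (EncryptionException e) … …

// class level: the only algorithm URIs an SP may select through its generic store
private static final Set<String> ALLOWED_DATA_ENC_ALGOS = Set.of(
		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256,
		EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
private static final Set<String> ALLOWED_KEY_TRANSPORT_ALGOS = Set.of(
		EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP, EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11);

/**
 * Returns the algorithm URI stored under {@code key}, the default when the entry is absent or blank,
 * and fails closed when the configured value is not on the allow-list.
 */
private static String resolveAlgorithm(Map<String, String> store, String key, String defaultAlgo,
		Set<String> allowed) throws SamlAuthenticationException {
	String configured = store == null ? null : store.get(key);
	if (configured == null || configured.trim().isEmpty()) {
		return defaultAlgo;
	}
	if (!allowed.contains(configured)) {
		// message constructor assumed; the message carries only the key and the rejected URI
		throw new SamlAuthenticationException("Unsupported " + key + " configured: " + configured);
	}
	return configured;
}
```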
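Review bot: `buildEncrypter` gains the parameters `dataEncAlgo` and `keyTransAlgo` without any documentation of what they are, and the method has no Javadoc header at all, so a caller has to read down to the `EncryptionParameters` setters in the 483 hunk to learn that they are XML Encryption algorithm URIs. Add a Javadoc header with `@param dataEncAlgo` and `@param keyTransAlgo` stating that each is a non-null algorithm URI from `EncryptionConstants` (an `ALGO_ID_BLOCKCIPHER_*` and an `ALGO_ID_KEYTRANSPORT_*` value respectively, as the defaults used by the caller show) and a `@throws SamlAuthenticationException` entry; whether that exception is raised for certificate parsing failures is an inference from the `CertificateFactory` call, since the method body continues past the hunk. A `Objects.requireNonNull(dataEncAlgo, "dataEncAlgo")` pair at the top would turn a null from a misconfigured caller into a clear failure instead of a deferred one inside the encrypter.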
@@ -483,9 +488,9 @@ public class SamlIdpServiceImpl implements SamlIdpService {
 generator.setEmitPublicKeyValue(true);
 EncryptionParameters encParams = new EncryptionParameters();
- encParams.setDataEncryptionAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
+ encParams.setDataEncryptionAlgorithm(dataEncAlgo);
 encParams.setDataKeyInfoGenerator(generator.newInstance());
- encParams.setKeyTransportEncryptionAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
+ encParams.setKeyTransportEncryptionAlgorithm(keyTransAlgo);
 encParams.setKeyTransportEncryptionCredential(encryptCredential);
 encParams.setKeyTransportKeyInfoGenerator(generator.newInstance());
@@ -573,7 +578,8 @@ public class SamlIdpServiceImpl implements SamlIdpService {
 private String buildAttributeStatement(final SamlIdpConfigurationEntity idpConfig, final SamlSpMetadataEntity spMetadata, final AuthnRequest authnRequest, final Assertion assertion, final UserEntity user, final List<ServiceSamlSpEntity> serviceSamlSpEntityList,
- final RegistryEntity registry, final SamlAuthnRequestEntity authnRequestEntity) throws SamlAuthenticationException {
+ final RegistryEntity registry, final SamlAuthnRequestEntity authnRequestEntity)
+ throws SamlAuthenticationException {
 List<Attribute> attributeList = new ArrayList<>();
 Boolean subjectOverride = false;
diff --git a/regapp-as/src/main/java/edu/kit/scc/webreg/as/AttributeSourceUpdater.java b/regapp-as/src/main/java/edu/kit/scc/webreg/as/AttributeSourceUpdater.java
index e0fd912fc0bc4c4c1c82b97133b3ec526cb854be..20e4e017dafea08c741638f424a1af3d2bd73d1f 100644
--- a/regapp-as/src/main/java/edu/kit/scc/webreg/as/AttributeSourceUpdater.java
+++ b/regapp-as/src/main/java/edu/kit/scc/webreg/as/AttributeSourceUpdater.java
@@ -73,6 +73,11 @@ public class AttributeSourceUpdater implements Serializable {
 ASUserAttrEntity asUserAttr = findASUserAttr(user, attributeSource);
+ if (attributeSource.getAsProps() != null && attributeSource.getAsProps().containsKey("disabled")
+ && attributeSource.getAsProps().get("disabled").equalsIgnoreCase("true")) {
+ return changed;
+ }
+
 // Default expiry Time after for Attribute Update
 Long expireTime = 30000L;
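Review bot: The `disabled` check sits after `findASUserAttr(user, attributeSource)`, so whatever lookup that method performs still runs for a source that is switched off; moving the added block above that call avoids the wasted work. The condition can also be collapsed to `if (attributeSource.getAsProps() != null && Boolean.parseBoolean(attributeSource.getAsProps().get("disabled"))) {`, since `Boolean.parseBoolean` is null-safe and case-insensitive and this drops the `containsKey`/`get` double lookup. Two points need confirming because the method starts outside the hunk: `changed` is presumably still at its initial value here, so the early return reports "nothing changed", and the values already stored in `asUserAttr` stay in place, meaning anything downstream that relies on them keeps working on data from a source the operator has disabled — if disabling is meant to stop that as well, they need to be cleared or expired at this point. A debug line recording that the source was skipped because it is disabled would save the next person who wonders why attributes stopped updating.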