eIDAS-Node Build 1.2 Content This release is based on version 1.0 of the eIDAS technical specifications. This release includes stability improvements. **This release contains the following improvements: + Improvements in security - Penetration tested; + Improvement in code quality: - Corrections based on code quality analysis. + Improvements in build process: - Reorganising Maven POM in a standardised way; + Improvements in eIDAS-Node configuration: - Make eIDAS software compliant with eIDAS specification regarding TLS version by introducing new configuration property tls.enabled.protocols; - Add configuration properties service.askconsent.all.attributes, service.askconsent.attribute.names.only to manage the business attribute/Value in the consent page. + Improvements in metadata: - Metadata was double-signed. Both the Entity descriptor as well as the role descriptor were signed. Only the root element is now signed. + Improvements in Specific module configuration: - Merge of the two files specific.properties and eidas_Specific.xml into eidas_Specific.xml; - Rename SAML Engine configuration files, XXX_Specific.xml is renamed to XXX_Specific-IdP.xml, XXX_SP-Connector.xml is renamed to XXX_SP-Specific.xml. + Improvements in sample SP configuration: - Add configuration properties (sp.metadata.validatesignature, sp.metadata.trusteddescriptors) to manage the validation of the metadata signature. + Improvements in sample IDP configuration: - Add configuration properties (idp.metadata.validatesignature, idp.metadata.trusteddescriptors) to manage the validation of the metadata signature. + Improved utilisation of Hazelcast: - Now only one Hazelcast instance is used by default, but it can be reconfigured to have multiple instances in application context. + **This release contains the following bugs fixed: + Correction of the white list for encryption algorithm was not working properly when configured differently than the standard ()Eidas-Specific to IDP) (internal ref EIDINT-1177) + Correction of error in SP during validation of AudienceRestriction element of the SAML response ( internal ref : EIDINT-1160) + Correction when using a CA having a certificate with special characters, it failed to load the certificate for signing and encrypting (internal ref EIDINT-1146) + Correction of the eIDAS node rejects personIdentifier attributes containing the hyphen character (internal ref EIDINT-1120) + Correction of too many sessions still active (internal ref EIDINT-1113) + Correction of signature of static metadata was not validated ( internal ref : EIDINT-1094) + Correction of Proxy service did not complain when minimum data set was not correctly set (internal ref : EIDINT-1058) + Correction of data digest method is sha1, should be SHA 256 in metadata(internal ref : EIDINT-969) + Correction of Cleanup eIDASSession from the code and replace the logic when needed (internal ref : EIDINT-1051) + Correction of failed encryption doesn't throw exceptions ( internal EIDINT-1049) + Correction of Incorrect issuer URL (ConnectorMetadata instead of ConnectorResponderMetadata) in Connector response to SP (internal ref EIDINT-1048) + Correction of Loss of RelayState parameter in the workflow (internal ref EIDINT-1046) + Correction of transliteration by removing validation from NODE enabling any transliterated value(internal ref EIDINT-1041) + Correction of no more usable production mode setting parameter by remove it (internal ref EIDINT-980,EIDINT-970,EIDINT-949) + Correction of NodeMetadataFetcher, getFromCache returned null (internal ref EIDINT-971) + Correction of WebSphere Default Url for /SP (SP/populateindexpage) was not recognised (internal ref EIDINT-964) + Correction of infinite redirect loop by accessing JSP pages (internal ref EIDINT-948) + Correction of PersonalAttrList by replacing it by Immutable Attr and delete session in specific (EIDINT-945) + Correction of Broken UTF-8 (internal ref EIDINT-923) + Correction of off encoding by adding the CharacterEncodingFilter in web.xml (otherwise the default charset is ISO-8859-1 for HTTP). + Correction of Proxy service validation binding : exception (internal ref EIDINT-860) + Correction of the Validation of the SPType, The validation is now in the Specific part of the connector (internal ref EIDINT-845) + Correction of the audit files location by using java system property "LOG_HOME" (internal ref EIDINT-672) + Correction of Allowing SHA256-rsa-MGF1 as signing algorithm (internal ref EDINT-1276) + Correction of Adding OrganizationName in metadata (internal ref EDINT-1269) + Correction of Removing ID in IDPSSODescriptor as well as SPSSPDescriptor in the metadata (internal ref EIDINT-1268) + Correction of Wrong type of extension : SAML Protocol XML Schema is changed xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" (internal ref EIDINT-1267) + Correction of HTTPMetadataProvider was not released (internal refEIDINT-1256) + Correction of is changed to optional (internal ref EIDINT-1242) + Correction of is changed to optional (internal refEIDINT-1259) ####################### previous releases ####################### eIDAS-Node Build 1.1 Content This eIDAS release includes architectural and stability improvements. Please be aware that the related documentation covering this release is not yet available but will be updated in the coming weeks. This release contains the following improvements: - definition of an abstraction and clear conformity of light Request/Response (in the module EIDAS-Light-Commons). These light objects (SAML agnostic) are designed to be used in the eIDAS-Node (SP to Connector) and also in the country specific modules (Proxy Service to IDP); - definition of an abstraction and a clear conformity for the country specific modules (in the module EIDAS-SpecificCommunicationDefinition). With this abstraction the dependency with the SAML Engine is no longer needed in the country specific modules; - improvements to the SAML Engine for complete independence and to able to be configured separately from the eIDAS-Node (metadata configuration, white list of signature and encryption algorithms); - definition of an attribute registry used by the SAML Engine to provide clear definition, conformity of the attributes supported (configuration based) and enforcing validation; - full coverage of the transliteration at the attribute and attribute registry level; and - hardening to ensure immutability when necessary on the classes used in the SAML Engine (builder pattern). The release also includes the following changes : + complete refactoring of the commons API to define a clear contract, prevent security and concurrency issues; + clear separation between Connector and Proxy Service; + definition of a clear contract of the SAML Engine API; + opening and definition of the SAML Engine ExtensionProcessorInterface, allowing extensibility to other SAML protocols (e.g. eIDAS, STORK etc.); + definition and declaration of a clear contract of the methods used in the Specific module; + dynamic configuration for properties used by the SAML Engine, these properties have been extracted from the eIDAS-Node general configuration and allow a more granular configuration (eidas.xml, eidas-specific.xml); + implementation of the minimum data set validation based on the attribute registry; +implementation of a stable light-weight abstraction layer, exposed as an API and shipped as a library, on top of the OpenSAML library, which would wrap up all the low-level SAML boilerplate code; + implementation of two namespaces http://eidas.europa.eu/attributes/naturalperson and http://eidas.europa.eu/attributes/legalperson; and + remote code execution during object deserialization correction - upgrade the dependency version to commons-collection 3.2.2. N.B. For compatibility, some APIs from 1.0.2 have been kept from previous unofficial releases but declared as deprecated. They could disappear in a future release, replaced by the new already provided implementation. eIDAS Node Build 1.0.2 Content This intermediary release includes architectural and stability improvements (documentation not updated). The tested applications servers are Tomcat, GlassFish and WebLogic. This release provides an end-to-end sample of the happy path of a citizen's identification with a complete refactoring of the SAML Engine. This refactoring covered: - defining an abstraction and clear conformity of light Request/Response (in the module EIDAS-Light-Commons). These light objects (SAML agnostic) are designed to be used in the eIDAS-Node and also in the country specific modules; - defining an abstraction and a clear conformity for the country specific modules (in the module EIDAS-SpecificCommunicationDefinition). With this abstraction the dependency with the SAML Engine is no longer needed in the country specific modules; - defining an attribute registry used by the SAML Engine to provide clear definition and conformity of the attributes supported (configuration based); and - hardening and ensuring immutability when necessary on the classes used in the SAML Engine (builder pattern). eIDAS Node Build 1.0 Content N.B: In a future release, it is intended to provide a major architectural improvement involving the Specific module. The Specific module is inherited from the STORK PEPS Pilot 1 application. It provides a sample implementation of a Member State Specific module to customise the communication between the Identity Provider and the eIDAS-Node Proxy Service. Version 1.0 does not contain any improvements to or enhancements of the Specific module. The architectural improvements of the Specific module will: - Provide abstraction and a correct placeholder for the Member State's specific implementation; - Remove the dependency between the SAML Engine and the Specific module; - Extend the Specific module to cover communications between Service Provider and eIDAS-Node Connector as well as the communications between Identity Provider and the eIDAS-Node Proxy Service. Version 1.0 includes the following: + Improvement of the software look and feel; + Renaming of the STORK references to eIDAS terminology; + Modifications of the eIDAS-Node related to the technical specification: Parametrisation of the signing certificate of the metadata; Verification of the metadata expiration when processing it from the cache; Check the certificate validity on metadata generation, no metadata published if certificate expired; Suppression of EXACT implementation of the LoA (Level of Assurance); Support sector specific attributes; Disable the support for STORK1 message format; Change of message format (namespace from "stork" to "eidas"). + Modification in the sample SP-IDP and AP: Support eIDAS LoA in the SP and IDP; Support eIDAS attributes; Extend eIDAS compliance to include communication between SP and the eIDAS-Node; Extend eIDAS compliance to include communication between IDP and the eIDAS-Node; Improvement of the sample Service Provider to show the decrypted assertion. + Security : Update of third party libraries to the latest version(Bouncycastle-XMLSec-XML Santuario-Xalan-Commons-httpClient); + Migration from Maven 2 to Maven 3; + provide new sample of eIDAS Keystore (double key + metadata signature) provided for each binary. List of conformance documents and requirements: - eIDAS Interoperability Architecture v1.0 - eIDAS Message Format v1.0 - eIDAS SAML Attribute Profile v1.0 - eIDAS - Crypto Requirements for the Interop Framework v1.0 eIDAS Node Build 0.9 Content Version 0.9 + Add a feature selector enforcing eIDAS regulation compliance (when set to true); + Support of eIDAS compliant message format (eIDAS Technical Specifications); + Extension of eIDAS metadata (eIDAS Technical Specifications); + Security improvements: Strengthen browser cache weakness: add no-cache policy in the HTTP response header; Reflected Cross-site scripting mitigation: sanitisation of displayed values; + Removal of Middleware plugin; + Extension of the sample applications (SP, IDP, AP) to provide a sample of use of the eIDAS regulation features. *** NOTE ********************************************************************* *** The following releases relate to pre-eIDAS-Node STORK PEPS implementations *** ************************************************************************** Build 1.3.1 Content Version 1.3.1 + Configurable SAML Response encryption. + Support of signed Assertion (SAML Response messages MUST be signed and the embedded Assertion MAY be signed). + Validation of the signing and encrypting algorithms with a configurable white list. + Support for SAML request HTTP redirect binding. + First implementation of the SAML metadata based on the retrieval of metadata via a url. + Improvement of the auditing and error management. + Configuration improvement. + Extension of supported application server to include WebSphere Liberty profile 8.5.5 already supported servers are : Tomcat - Glassfish - JBoss - WebLogic and WebSphere). + Modification of the Sample Service provider to allow resigning the SAML request (in order to allow SAML edition) Build 1.3.0 content Version 1.3.0 + Removal of Struts framework on the PEPS (replaced by pure servlet implementation). + Extension of supported application server to include WebSphere 8.5.5 already supported servers are : Tomcat - Glassfish - JBoss - WebLogic). + Integration of the German middleware (refer to the PEPS Installation, Configuration and Integration Manual for details). + Increase of modularity of components (AT-middleware, GE-middleware, C-PEPS) with feature selector. + Provide support to Java 7 + Increased coverage of unit tests in the PEPS + Fixing issues : Some corrections (cookies/session management, ...) for supporting a distributed environment (cluster). + Security improvements. Disable XML entities processing to patch XXE vulnerability. Automatically add the secure flag on cookies when TLS is enabled. Disable all HTTP methods but GET & POST. Update of third party libraries to the latest version 2.6.4 (i.e. security update for openSAML). Update of Signing algorithm to SHA512. Error management improvement for none disclose purpose. CSRF mitigation during citizen consent phases. Build 1.3.0 content STORK-Peps-1.3.0.zip = Distribution version '1.3.0' of the reference PEPS Doc\PEPS Installation Quick Start Guide v1 3 0.pdf = Quick Install of preconfigured PEPS Doc\PEPS 1 3 0 Installation Manual.pdf = Detailed install Guide STORK-Peps-Sources-1.3.0.zip = Source files of the reference PEPS including an example of implementation of a SP (service provider), Idp (Identity provider) , AP (attributes provider) and an example of signModule. (maven projects) STORK-Peps-Binaries-Glassfish-1.3.0.zip = Deployable war files of a preconfigured PEPS (Country CB) for a GlassFish Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Jboss-1.3.0.zip = Deployable war files of a preconfigured PEPS (Country CC) for a JBoss Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Tomcat-1.3.0.zip = Deployable war files of a preconfigured PEPS (Country CA) for a Tomcat Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Wls-1.3.0.zip = Deployable war files of a preconfigured PEPS (Country CD) for a WebLogic Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Was-1.3.0.zip = Deployable war files of a preconfigured PEPS (Country CF) for a WebSphere application Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) ======= Build 1.2.0 content Version 1.2.0 + Validation of the Citizen country code (SP provided) with the the IDP country returned + Anti replay mechanism at S-PEPS and C-PEPS level (error message will be 200006 - The SAML Request Token is missing or invalid. ) + Correction in the cookie check when using moa/mocca integration + Skew Time configuration for CPEPS + SAML not after and not before check + Extension on Validation of SAML and Stork schema + For mandatory unknown attributes, request should be rejected (Correction) + Extend the demo server PEPS configuration by creating keystores and certificates (saml signature) by stakeholder (SP/SPEPS/CPEPS/IDP) reflecting better the reality. (instead of one for all). + Security Improvements Web session management : Add secure flag for session cookies (only available in Servlet 3.0 : Tomcat 7 - GlassFish 3 - JBoss 7 - WebLogic 12c) HttpOnly flag for session cookies (only available in Servlet 3.0 : Tomcat 7 - GlassFish 3 - JBoss 7 - WebLogic 12c) Add HSTS (force keeping Strict-Transport-Security: max-age=60000; includeSubDomains) with a feature selector Framing protection : X-Frame-Options header for all the application XSS countermeasures 1. Content Security Policy (CSP) Added X-Content-Security-Policy for backward compatibility Added X-WebKit-CSP for backward compatibility Added Content-Security-Policy Modification of the jsp to prevent inline scripting (disabled on the moa/mocca page due to iFrame integration) Added a fallback mechanism showing warning message if the CSP filter has been disabled Added a report handler logging all the CSP violations 2. X-XSS-Protection header Added the header (use a feature selector declared in peps.xml) 3. X-Content-Type-Options: nosniff Added the header (use a feature selector declared in peps.xml) + Code quality : possible nullpointers correction in AUCPEPS, STORKSamlEngine + Code quality/security : Standard pseudo-random number generators cannot withstand cryptographic attacks : replace with secureRandom. + Simplification of configuration : Remove of the double references of peps.xml & specific.properties in the classpath. All the configurations use spring injection on the same files (located outside of the application). Define some default values for possible missing configurations + Correction of an UTF-8 issue on encoding on moa/mocca Build 1.1.1 content STORK-Peps-1.1.1.zip = Distribution version '111' of the reference PEPS Doc\QuickStarted-STORK-Peps-Binaries.doc = Quick Install of preconfigured PEPS Doc\PEPS 1.1.1 Installation Manual.docx = Detailed install Guide STORK-Peps-Sources-1.1.1.zip = Source files of the reference PEPS including an example of implementation of a SP (service provider), Idp (Identity provider) , AP (attributes provider) and an example of signModule. (maven projects) STORK-Peps-Binaries-Glassfish-1.1.1.zip = Deployable war files of a preconfigured PEPS (Country CA) for a GlassFish Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Jboss-1.1.1.zip = Deployable war files of a preconfigured PEPS (Country CB) for a JBoss Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Tomcat-1.1.1.zip = Deployable war files of a preconfigured PEPS (Country CC) for a Tomcat Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Wls-1.1.1.zip = Deployable war files of a preconfigured PEPS (Country CD) for a WebLogic Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) Version 1.1.1 + Upgrade of struts version from 2.3.15.1 to 2.3.16.2 in order to respond security vulnerabilities (CVE-2014-0094, CVE-2013-6348, CVE-2013-4316) Please, refer to http://struts.apache.org/announce.html for further information. ======= Build 1.1.0 content STORK-Peps-1.1.0.zip = Distribution version '110' of the reference PEPS Doc\QuickStarted-STORK-Peps-Binaries.doc = Quick Install of preconfigured PEPS Doc\PEPS 1.1.0 Installation Manual.docx = Detailed install Guide STORK-Peps-Sources-1.1.0.zip = Source files of the reference PEPS including an example of implementation of a SP (service provider), Idp (Identity provider) , AP (attributes provider) and an example of signModule. (maven projects) STORK-Peps-Binaries-Glassfish-1.1.0.zip = Deployable war files of a preconfigured PEPS (Country CA) for a GlassFish Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Jboss-1.1.0.zip = Deployable war files of a preconfigured PEPS (Country CB) for a JBoss Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Tomcat-1.1.0.zip = Deployable war files of a preconfigured PEPS (Country CC) for a Tomcat Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Wls-1.1.0.zip = Deployable war files of a preconfigured PEPS (Country CD) for a WebLogic Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) Version 1.1.0 + Direct integration with the Austrian MOA/MOCCA components without using a VIDP. Please note: this integration requires cookies to be allowed at server side. + Fix of an issue in the signedDoc (AP part), where some characters were not properly escaped. ======= Build 1.0.3 content STORK-Peps-1.0.3.zip = Distribution version '103' of the reference PEPS Doc\QuickStarted-STORK-Peps-Binaries.doc = Quick Install of preconfigured PEPS Doc\PEPS 1.0.3 Installation Manual.docx = Detailed install Guide STORK-Peps-Sources-1.0.3.zip = Source files of the reference PEPS including an example of implementation of a SP (service provider), Idp (Identity provider) , AP (attributes provider) and an example of signModule. (maven projects) STORK-Peps-Binaries-Glassfish-1.0.3.zip = Deployable war files of a preconfigured PEPS (Country CA) for a GlassFish Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Jboss-1.0.3.zip = Deployable war files of a preconfigured PEPS (Country CB) for a JBoss Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Tomcat-1.0.3.zip = Deployable war files of a preconfigured PEPS (Country CC) for a Tomcat Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) STORK-Peps-Binaries-Wls-1.0.3.zip = Deployable war files of a preconfigured PEPS (Country CD) for a WebLogic Server ( including AP.war, IdP.war, PEPS.war, SignModule.war, SP.war ) Version 1.0.3 + Modification of the build to support Tomcat 6, Glassfish 3, JBoss 6, WebLogic 10.3.6 + Review the code to remove potential errors and to improve code quality (based on findbugs - pmd reports : nullPointers reference, bad error management, cyclomatic complecity, ...) + Fix of a security issue related to the struts 2 library + Fix of an issue in the signedDoc where some characters were not properly escaped + Fix unit test problems + Change the packaging (see above) + Add an example of preconfigured PEPS + Correction in the IDP to allow configuration without AP + Inclusion of the M2 repository used for the build Module support status: (1=built and verified; 2=built only; 3=untested) 1: STORK-Commons 1: STORK-SAMLEngine 1: STORK-Specific 1: STORK-PEPS 1: STORK-SP 1: STORK-IdP-1.0 1: STORK-AP 2: STORK-VersionControl 2: STORK-UPDATER 3: STORK-signmodule 3: STORK-IdP 3: STORK-IdP (alternative)