authNRequest fixes and other changes

[Nick87]

AuthNRequest fixes

• isPassive attribute is not allowed (partially addresses #11)

see https://docs.italia.it/italia/spid/spid-regole-tecniche/it/stabile/single-sign-on.html

nell’elemento non deve essere presente l’attributo IsPassive (ad indicare false come valore di default)

see https://www.spid.gov.it/assets/download/SPID_QAD.pdf

2.1.11 - The IsPassive attribute must not be present

• both AssertionConsumerServiceIndex and AssertionConsumerServiceUrl+ProtocolBinding must not be set (partially addresses #11)

From spid-testenv2 validation:

"Uno e uno solo uno tra gli attributi o gruppi di attributi devono essere presenti: [AssertionConsumerServiceIndex, [AssertionConsumerServiceUrl, ProtocolBinding]]"

see https://docs.italia.it/italia/spid/spid-regole-tecniche/it/stabile/single-sign-on.html

In alternativa all’attributo AssertionConsumerServiceIndex (scelta sconsigliata) possono essere presenti: l’attributo AssertionConsumerServiceURL [...] l’attributo ProtocolBinding [...]

• ForceAuthn attribute must be present if SPID level > 1 (partially addresses #11)

see https://docs.italia.it/italia/spid/spid-regole-tecniche/it/stabile/single-sign-on.html

l’attributo ForceAuthn nel caso in cui si richieda livelli di autenticazione superiori a SpidL1 (SpidL2 o SpidL3)

• Issuer must be set to "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" not to "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" (partially addresses #11)

see https://docs.italia.it/italia/spid/spid-regole-tecniche/it/stabile/single-sign-on.html

L’elemento deve riportare gli attributi: Format fissato al valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity

see https://www.spid.gov.it/assets/download/SPID_QAD.pdf

2.2.4 - The Format attribute must be urn:oasis:names:tc:SAML:2.0:nameidformat:entity

• The same public key info is provided twice in getSignature() (explicitly and via certificate), resulting in having both KeyValue and X509Data elements present in the AuthnRequest, making signxml throwing an exception when using spid-testenv2. Fixes #10.

see https://github.com/XML-Security/signxml/issues/143

As a fix, public key info is now only added via certificate (commenting KeyInfoHelper.addPublicKey(keyInfo, certificate.getPublicKey()); in getSignature()) and adding Signer.signObject(authnRequest.getSignature()); to printAuthnRequest

see https://github.com/italia/spid-testenv2/issues/325

• comparison set to MINIMUM in AuthNContext (partially addresses #11)

Other minor changes:

• added maven generated dirs to .gitignore
• privateKey must not be logged
• option to not compress authnrequest when using POST binding (partially addresses #11)
• added lombok

[peppelinux]

thank you @Nick87 @polarene