
Example 26 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

From class TokenGenerationService, method createInstance (the REST entry point through which an STS instance asks for a SAML2 or OpenID Connect token to be minted for an existing session):

@Override
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest request) {
    TokenGenerationServiceInvocationState invocationState;
    try {
        invocationState = TokenGenerationServiceInvocationState.fromJson(request.getContent());
    } catch (Exception e) {
        logger.error("Exception caught marshalling json into TokenGenerationServiceInvocationState instance: " + e);
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
    // The subject session named in the request is validated before any STS state is read
    // and before any token is built; a session that fails validation is answered with 403.
    SSOToken subjectToken;
    try {
        subjectToken = validateAssertionSubjectSession(invocationState);
    } catch (ForbiddenException e) {
        return e.asPromise();
    }
    // Only then is the published STS instance (and its signing/encryption config) looked up.
    STSInstanceState stsInstanceState;
    try {
        stsInstanceState = getSTSInstanceState(invocationState);
    } catch (ResourceException e) {
        return e.asPromise();
    }
    if (TokenType.SAML2.equals(invocationState.getTokenType())) {
        try {
            final String assertion = saml2TokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
            return newResultPromise(issuedTokenResource(assertion));
        } catch (TokenCreationException e) {
            logger.error("Exception caught generating saml2 token: " + e, e);
            return e.asPromise();
        } catch (Exception e) {
            logger.error("Exception caught generating saml2 token: " + e, e);
            return new InternalServerErrorException(e.toString(), e).asPromise();
        }
    } else if (TokenType.OPENIDCONNECT.equals(invocationState.getTokenType())) {
        try {
            final String assertion = openIdConnectTokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
            return newResultPromise(issuedTokenResource(assertion));
        } catch (TokenCreationException e) {
            logger.error("Exception caught generating OpenIdConnect token: " + e, e);
            return e.asPromise();
        } catch (Exception e) {
            logger.error("Exception caught generating OpenIdConnect token: " + e, e);
            return new InternalServerErrorException(e.toString(), e).asPromise();
        }
    } else {
        // Anything other than the two supported token types is rejected with 400 rather than
        // falling through to a generator it was not meant for.
        String message = "Bad request: unexpected token type:" + invocationState.getTokenType();
        logger.error(message);
        return new BadRequestException(message).asPromise();
    }
}

Imports used by this class:
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.IdRepoException;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.ForbiddenException;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.NotFoundException;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.openam.sts.CTSTokenPersistenceException;
import org.forgerock.openam.sts.STSPublishException;
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState;
import org.forgerock.openam.sts.tokengeneration.state.RestSTSInstanceState;
import org.forgerock.openam.sts.tokengeneration.state.STSInstanceState;
import org.forgerock.openam.sts.tokengeneration.state.SoapSTSInstanceState;
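The createInstance method above relies on validateAssertionSubjectSession to refuse requests whose subject session is missing, invalid, or from the wrong realm. The following is an added example of what such a check can look like using the public SSOTokenManager API; it is not OpenAM's own implementation of that method. The class name SubjectSessionCheck, the sessionId and stsRealm parameters, and the choice to map every failure to a ForbiddenException with a generic message are assumptions.

```java
import java.security.Principal;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.shared.Constants;
import com.sun.identity.sm.DNMapper;
import org.forgerock.json.resource.ForbiddenException;

/**
 * Added example, not OpenAM code: resolve and check the subject session that a
 * token-generation request names, before any token is minted from it.
 */
public final class SubjectSessionCheck {

    private SubjectSessionCheck() {
    }

    /**
     * @param sessionId raw session id carried in the request (assumed input)
     * @param stsRealm  realm the STS instance was published in, e.g. "/" or "/sub" (assumed input)
     * @return the validated session token
     * @throws ForbiddenException on any failure; the message deliberately does not say why
     */
    public static SSOToken validate(String sessionId, String stsRealm) throws ForbiddenException {
        if (sessionId == null || sessionId.isEmpty()) {
            throw new ForbiddenException("Subject session required");
        }
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            // createSSOToken only resolves the id; liveness is a separate check.
            SSOToken token = manager.createSSOToken(sessionId);
            if (!manager.isValidToken(token)) {
                throw new ForbiddenException("Subject session invalid");
            }
            // The "Organization" property is the DN of the realm the session authenticated in;
            // DNMapper turns it into the "/realm" form used by STS configuration.
            String tokenRealm = DNMapper.orgNameToRealmName(token.getProperty(Constants.ORGANIZATION));
            if (!stsRealm.equalsIgnoreCase(tokenRealm)) {
                // A session from realm A must not obtain tokens from an STS published in realm B.
                throw new ForbiddenException("Subject session invalid");
            }
            Principal principal = token.getPrincipal();
            if (principal == null || principal.getName() == null || principal.getName().isEmpty()) {
                throw new ForbiddenException("Subject session invalid");
            }
            return token;
        } catch (SSOException e) {
            // Malformed or unknown session ids land here; treat them exactly like invalid sessions.
            throw new ForbiddenException("Subject session invalid", e);
        }
    }
}
```

The realm comparison is the part most often forgotten: signature keys and claim mappings are configured per STS instance, so issuing from a session authenticated elsewhere would silently widen what that instance's key vouches for.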

Example 27 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

From class OpenIdConnectTokenGenerationImplTest, method testRSAOpenIdConnectTokenGeneration (generates an RS-signed OpenID Connect token for a mocked session and checks its claims and signature):

@Test
public void testRSAOpenIdConnectTokenGeneration() throws TokenCreationException {
    // The identity lookup is mocked so the test controls the subject name the token will carry.
    SSOTokenIdentity mockSSOTokenIdentity = mock(SSOTokenIdentity.class);
    when(mockSSOTokenIdentity.validateAndGetTokenPrincipal(any(SSOToken.class))).thenReturn(SUBJECT_NAME);
    SSOToken mockSSOToken = mock(SSOToken.class);
    STSInstanceState mockSTSInstanceState = mock(STSInstanceState.class);
    STSInstanceConfig mockSTSInstanceConfig = mock(STSInstanceConfig.class);
    when(mockSTSInstanceState.getConfig()).thenReturn(mockSTSInstanceConfig);
    OpenIdConnectTokenConfig openIdConnectTokenConfig = buildRSAOpenIdConnectTokenConfig();
    when(mockSTSInstanceConfig.getOpenIdConnectTokenConfig()).thenReturn(openIdConnectTokenConfig);
    // The PKI provider is real, so signing uses the RSA key named by the token config.
    OpenIdConnectTokenPKIProviderImpl tokenCryptoProvider = new OpenIdConnectTokenPKIProviderImpl(openIdConnectTokenConfig);
    when(mockSTSInstanceState.getOpenIdConnectTokenPKIProvider()).thenReturn(tokenCryptoProvider);
    TokenGenerationServiceInvocationState mockTokenGenerationInvocationState = mock(TokenGenerationServiceInvocationState.class);
    OpenIdConnectTokenClaimMapperProvider mockClaimMapperProvider = mock(OpenIdConnectTokenClaimMapperProvider.class);
    OpenIdConnectTokenClaimMapper mockClaimMapper = mock(OpenIdConnectTokenClaimMapper.class);
    when(mockClaimMapperProvider.getClaimMapper(any(OpenIdConnectTokenConfig.class))).thenReturn(mockClaimMapper);
    when(mockClaimMapper.getCustomClaims(mockSSOToken, mappedClaimConfig)).thenReturn(mappedClaimAttributes);
    long authTime = System.currentTimeMillis() / 1000;
    OpenIdConnectTokenGenerationState openIdConnectTokenGenerationState = buildOpenIdConnectTokenGenerationState(authTime);
    when(mockTokenGenerationInvocationState.getOpenIdConnectTokenGenerationState()).thenReturn(openIdConnectTokenGenerationState);
    String oidcToken = new OpenIdConnectTokenGenerationImpl(mockSSOTokenIdentity, new JwtBuilderFactory(), mockClaimMapperProvider, mock(CTSTokenPersistence.class), mock(Logger.class)).generate(mockSSOToken, mockSTSInstanceState, mockTokenGenerationInvocationState);
    // Parse the compact JWT back and check the standard claims plus the mapped custom claim,
    // then verify the RS signature against the key in the config.
    SignedJwt signedJwt = reconstructSignedJwt(oidcToken);
    JwtClaimsSet jwtClaimsSet = signedJwt.getClaimsSet();
    assertEquals(SUBJECT_NAME, jwtClaimsSet.getSubject());
    assertEquals(AUDIENCE, jwtClaimsSet.getAudience().get(0));
    assertEquals(AUTHN_CLASS_REFERENCE, jwtClaimsSet.getClaim("acr", String.class));
    assertEquals(ISSUER, jwtClaimsSet.getIssuer());
    assertEquals(EMAIL_CLAIM_VALUE, jwtClaimsSet.get(EMAIL_CLAIM_KEY).asString());
    assertTrue(verifyRSASignature(signedJwt, openIdConnectTokenConfig));
}
Imports used by this class:
import com.iplanet.sso.SSOToken;
import org.forgerock.json.jose.builders.JwtBuilderFactory;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.json.jose.jwt.JwtClaimsSet;
import org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig;
import org.forgerock.openam.sts.config.user.STSInstanceConfig;
import org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState;
import org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState;
import org.forgerock.openam.sts.tokengeneration.SSOTokenIdentity;
import org.forgerock.openam.sts.tokengeneration.oidc.crypto.OpenIdConnectTokenPKIProviderImpl;
import org.forgerock.openam.sts.tokengeneration.state.STSInstanceState;
import org.testng.annotations.Test;
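The test above checks the issued token from the issuer's side (claims present, RSA signature valid). A relying party consuming such a token has to do more than verify the signature. The following is an added example, not OpenAM code, of the checks a consumer should run on a token minted by this STS using the same ForgeRock json-jose classes the test uses (JwtReconstruction, SignedJwt, RSASigningHandler). The class name IssuedTokenVerifier, the constructor parameters, the use of SecurityException for failures, and the assumption that the issuer's RSA public key is obtained out of band are all assumptions; RSASigningHandler(Key) is the constructor form present in the json-jose versions OpenAM ships with.

```java
import java.security.Key;
import java.util.Date;
import java.util.List;

import org.forgerock.json.jose.common.JwtReconstruction;
import org.forgerock.json.jose.jws.JwsAlgorithm;
import org.forgerock.json.jose.jws.SignedJwt;
import org.forgerock.json.jose.jws.handlers.RSASigningHandler;
import org.forgerock.json.jose.jwt.JwtClaimsSet;

/**
 * Added example, not OpenAM code: relying-party validation of an STS-issued
 * OpenID Connect token. Every check throws rather than returning a partial result.
 */
public final class IssuedTokenVerifier {

    private final Key issuerPublicKey;     // assumed: fetched from the STS keystore/JWKS out of band
    private final String expectedIssuer;   // assumed: the STS instance's configured issuer
    private final String expectedAudience; // assumed: this relying party's identifier
    private final long clockSkewSeconds;

    public IssuedTokenVerifier(Key issuerPublicKey, String expectedIssuer,
                               String expectedAudience, long clockSkewSeconds) {
        this.issuerPublicKey = issuerPublicKey;
        this.expectedIssuer = expectedIssuer;
        this.expectedAudience = expectedAudience;
        this.clockSkewSeconds = clockSkewSeconds;
    }

    /** Returns the claims only if every check passes. */
    public JwtClaimsSet verify(String compactJwt) {
        SignedJwt jwt = new JwtReconstruction().reconstructJwt(compactJwt, SignedJwt.class);

        // 1. Pin the algorithm before verifying; the header must not choose it for us.
        if (jwt.getHeader().getAlgorithm() != JwsAlgorithm.RS256) {
            throw new SecurityException("unexpected alg: " + jwt.getHeader().getAlgorithm());
        }
        // 2. Signature over header.payload with the issuer's RSA public key.
        if (!jwt.verify(new RSASigningHandler(issuerPublicKey))) {
            throw new SecurityException("signature verification failed");
        }
        JwtClaimsSet claims = jwt.getClaimsSet();

        // 3. Issuer and audience must match what this relying party was configured with.
        if (!expectedIssuer.equals(claims.getIssuer())) {
            throw new SecurityException("unexpected iss");
        }
        List<String> aud = claims.getAudience();
        if (aud == null || !aud.contains(expectedAudience)) {
            throw new SecurityException("token not intended for this audience");
        }

        // 4. Lifetime: exp is mandatory; iat must not lie in the future beyond allowed skew.
        long now = System.currentTimeMillis() / 1000;
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.getTime() / 1000 + clockSkewSeconds < now) {
            throw new SecurityException("token expired");
        }
        Date iat = claims.getIssuedAtTime();
        if (iat != null && iat.getTime() / 1000 > now + clockSkewSeconds) {
            throw new SecurityException("token issued in the future");
        }

        // 5. An ID token without a subject is useless and suspicious.
        String sub = claims.getSubject();
        if (sub == null || sub.isEmpty()) {
            throw new SecurityException("missing sub");
        }
        return claims;
    }
}
```

Order matters: the algorithm check comes before signature verification so a token whose header claims "none" or an HMAC algorithm is rejected before the key is ever used, and the audience check is a contains() on the list because the test above shows the STS writes aud as an array.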

Example 28 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

From class UmaPolicyServiceImplTest, method createContextForLoggedInUser (test helper that builds a CREST request context for a mocked, already-authenticated user):

private Context createContextForLoggedInUser(String userShortName) throws SSOException {
    // The subject context hands out the caller's SSOToken; both are mocked here.
    SubjectContext subjectContext = mock(SSOTokenContext.class);
    SSOToken ssoToken = mock(SSOToken.class);
    Principal principal = mock(Principal.class);
    given(subjectContext.getCallerSSOToken()).willReturn(ssoToken);
    // The universal identifier is the DN-like id the policy code uses to locate the user.
    given(ssoToken.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn("id=" + userShortName + ",ou=REALM,dc=forgerock,dc=org");
    given(ssoToken.getPrincipal()).willReturn(principal);
    given(principal.getName()).willReturn(userShortName);
    // Wrap it in a realm context inside an internal client context, as a real request would be.
    return ClientContext.newInternalClientContext(new RealmContext(subjectContext));
}

Imports used by this class:
import java.security.Principal;
import com.iplanet.sso.SSOToken;
import org.forgerock.openam.rest.RealmContext;
import org.forgerock.openam.rest.resource.SubjectContext;

Example 29 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

From class Notifier, method run (propagates a policy change notification to the other servers in the deployment):

public void run() {
    try {
        // Reading the server list requires the administrative session. It is obtained through
        // AdminTokenAction under doPrivileged and is only used for this lookup.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        Set<String> serverURLs = ServerConfiguration.getServerInfo(adminToken);
        for (String url : serverURLs) {
            // Server info entries have the form "url|id"; only the URL part is needed.
            int idx = url.indexOf("|");
            if (idx != -1) {
                url = url.substring(0, idx);
            }
            // Notify every other server (or all servers when site monitoring is disabled).
            if (sitemonitorDisabled || !url.equals(currentServerInstance)) {
                String strURL = url + NotificationServlet.CONTEXT_PATH + "/" + action;
                // Build an application/x-www-form-urlencoded body; keys and values are both encoded.
                StringBuilder buff = new StringBuilder();
                boolean bFirst = true;
                for (String k : params.keySet()) {
                    if (bFirst) {
                        bFirst = false;
                    } else {
                        buff.append("&");
                    }
                    buff.append(URLEncoder.encode(k, "UTF-8")).append("=").append(URLEncoder.encode(params.get(k), "UTF-8"));
                }
                for (int i = 0; i < NUM_RETRY; i++) {
                    if (postRequest(strURL, buff.toString())) {
                        break;
                    } else {
                        try {
                            Thread.sleep(WAIT_BETWEEN_RETRY);
                        } catch (InterruptedException ex) {
                            // Restore the interrupt flag and stop instead of silently swallowing it.
                            Thread.currentThread().interrupt();
                            return;
                        }
                    }
                }
            }
        }
    } catch (UnsupportedEncodingException ex) {
        PolicyConstants.DEBUG.error("Notifier.notifyChanges", ex);
    } catch (IOException ex) {
        PolicyConstants.DEBUG.error("Notifier.notifyChanges", ex);
    } catch (SMSException ex) {
        PolicyConstants.DEBUG.error("Notifier.notifyChanges", ex);
    } catch (SSOException ex) {
        PolicyConstants.DEBUG.error("Notifier.notifyChanges", ex);
    }
}

Imports used by this class:
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.sm.SMSException;

Example 30 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

From class AgentMigration71, method migrate22AgentsToFAM80 (one-off upgrade routine that copies agent identities from the old DIT into the AgentRepo plugin):

public static void migrate22AgentsToFAM80() {
    try {
        // Assuming upgrade scripts imported the OpenSSO
        // AgentService.xml,
        // migrate agents from existing DIT (AM 6.x/AM 7.x to OpenSSO
        // Enterprise 8.0.
        // All work below is done with a single administrative token.
        SSOToken token = getSSOToken();
        // First get all the sub realms
        OrganizationConfigManager ocmGet = new OrganizationConfigManager(token, "/");
        Set getSet = new HashSet();
        getSet.add(SMSEntry.getRootSuffix());
        Set orgSet = ocmGet.getSubOrganizationNames();
        if (!orgSet.isEmpty()) {
            getSet.addAll(orgSet);
        }
        System.out.println(IdRepoBundle.getString(IdRepoErrorCode.MIGRATION_START));
        Object[] args = { getSet.toString() };
        System.out.println(IdRepoBundle.getString(IdRepoErrorCode.MIGRATION_GETTING_SUBREALMS, args));
        // The target repository is the AgentRepo IdRepo plugin, instantiated reflectively.
        String p = IdConstants.AGENTREPO_PLUGIN;
        Class thisClass = Class.forName(p);
        IdRepo thisPlugin = (IdRepo) thisClass.newInstance();
        // identities from IdRepo node.
        for (Iterator items = getSet.iterator(); items.hasNext(); ) {
            String realm = (String) items.next();
            AMIdentityRepository idRepo = new AMIdentityRepository(token, realm);
            IdSearchResults results = idRepo.searchIdentities(IdType.AGENT, "*", new IdSearchControl());
            Iterator it = results.getSearchResults().iterator();
            while (it.hasNext()) {
                AMIdentity iden = (AMIdentity) it.next();
                String idName = iden.getName();
                Object[] args1 = { idName };
                System.out.println(IdRepoBundle.getString(IdRepoErrorCode.MIGRATION_IDNAME, args1));
                // Copy the agent's attributes minus the LDAP structural ones that the
                // new schema does not accept.
                Map attrs = iden.getAttributes();
                attrs.remove("cn");
                attrs.remove("dn");
                attrs.remove("objectclass");
                attrs.remove("sunidentityserverdevicetype");
                attrs.remove("sunidentityserverdeviceversion");
                attrs.remove("uid");
                if (attrs.containsKey("sunidentityserverdevicestatus")) {
                    // To match the schema in OpenSSO's
                    // AgentService.xml
                    Set dSet = (Set) attrs.get("sunidentityserverdevicestatus");
                    attrs.remove("sunidentityserverdevicestatus");
                    attrs.put("sunIdentityServerDeviceStatus", dSet);
                }
                // Note: the remaining attributes, including any agent credentials, are
                // printed to stdout before the identity is created in the new repository.
                Object[] args2 = { attrs.toString() };
                System.out.println(IdRepoBundle.getString(IdRepoErrorCode.MIGRATION_AGENT_ATTRIBUTES, args2));
                thisPlugin.create(token, IdType.AGENTONLY, idName, attrs);
            }
        // Now upgrade scripts should reset the revision number of 
        // idRepoService.xml from 20 to 30 to add the AgentRepo 
        // as IdRepo Plugin and to display these migrated agents
        // under 'Configuration/Agents' tab.
        }
        System.out.println(IdRepoBundle.getString(IdRepoErrorCode.MIGRATION_COMPLETED));
    } catch (Exception ex2) {
        System.out.println(IdRepoBundle.getString(IdRepoErrorCode.MIGRATION_TO_FAM80_FAILED));
        ex2.printStackTrace();
    }
}

Imports used by this class:
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.sm.OrganizationConfigManager;
