use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.
the class BulkFederation method saml2FederateUser.
/**
 * Federates one local user: builds a persistent SAML2 name identifier, adds it
 * to the federation attributes on the user's identity, stores the identity, and
 * appends a {@code remoteUserId|nameIdValue} line to {@code out}.
 *
 * @param localUserId identity to federate; looked up with the admin SSO token.
 * @param remoteUserId user id on the remote entity; only written to {@code out}.
 * @param out writer that receives one mapping line per federated user.
 * @throws CLIException if a {@code SAML2Exception} or {@code IOException} occurs.
 */
private void saml2FederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity identity = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameIdValue = createNameIdentifier();

        // The name qualifier is the entity in the IDP position and the SP name
        // qualifier the one in the SP position, whichever side this host plays.
        String nameQualifier = isIDP ? localEntityId : remoteEntityId;
        String spNameQualifier = isIDP ? remoteEntityId : localEntityId;

        NameID nameId = AssertionFactory.getInstance().createNameID();
        nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        nameId.setNameQualifier(nameQualifier);
        nameId.setSPNameQualifier(spNameQualifier);
        nameId.setValue(nameIdValue);

        String role = isIDP ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
        NameIDInfoKey infoKey = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
        NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);

        // Existing federation values are kept; the new key and info are added to them.
        Map attributes = identity.getAttributes(saml2UserAttributesFed);

        Set infoKeyValues = (Set) attributes.get(SAML2Constants.NAMEID_INFO_KEY);
        if (infoKeyValues == null || infoKeyValues.isEmpty()) {
            infoKeyValues = new HashSet(2);
            attributes.put(SAML2Constants.NAMEID_INFO_KEY, infoKeyValues);
        }
        infoKeyValues.add(infoKey.toValueString());

        Set infoValues = (Set) attributes.get(SAML2Constants.NAMEID_INFO);
        if (infoValues == null || infoValues.isEmpty()) {
            infoValues = new HashSet(2);
            attributes.put(SAML2Constants.NAMEID_INFO, infoValues);
        }
        infoValues.add(info.toValueString());

        identity.setAttributes(attributes);
        identity.store();

        // NOTE(review): the identity is stored before the mapping line is written, so
        // an IOException below leaves the local account federated with no matching
        // entry in the output file.
        // NOTE(review): remoteUserId is written unescaped; a value containing '|' or a
        // line break would make the line ambiguous to a parser. Confirm that ids are
        // validated before they reach this method.
        out.write(remoteUserId + "|" + nameIdValue);
        out.newLine();
    } catch (SAML2Exception e) {
        debugError("BulkFederation.saml2FederateUser", e);
        throw new CLIException(
            MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), new Object[] { localUserId }),
            ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("BulkFederation.saml2FederateUser", e);
        throw new CLIException(
            MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), new Object[] { localUserId }),
            ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        // Reported on the CLI error output only; the method then returns normally,
        // so the caller is not told that this user was not federated.
        debugError("BulkFederation.saml2FederateUser", e);
        getOutputWriter().printlnError(e.getMessage());
    } catch (SSOException e) {
        // Same handling as IdRepoException: logged and printed, not rethrown.
        debugError("BulkFederation.saml2FederateUser", e);
        getOutputWriter().printlnError(e.getMessage());
    }
}
use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.
the class CreateCircleOfTrust method handleRequest.
/**
* Creates a circle of trust.
*
* @param rc Request Context.
* @throws CLIException if unable to process this request.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();

    // Read the sub-command options; the realm defaults to the root realm "/".
    realm = getStringOptionValue(FedCLIConstants.ARGUMENT_REALM, "/");
    cot = getStringOptionValue(FedCLIConstants.ARGUMENT_COT);
    prefix = getStringOptionValue(FedCLIConstants.ARGUMENT_PREFIX);
    trustedProviders = (List) rc.getOption(FedCLIConstants.ARGUMENT_TRUSTED_PROVIDERS);

    // Copy the provider list into a set; an absent option gives an empty set.
    Set providers = new HashSet();
    if (trustedProviders != null) {
        providers.addAll(trustedProviders);
    }

    // The attempt is logged before any change is made, so a failed or interrupted
    // request still leaves an access-log record.
    String[] params = { realm, cot, providers.toString(), prefix };
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_CREATE_COT", params);

    try {
        boolean noPrefix = (prefix == null) || (prefix.trim().length() == 0);
        CircleOfTrustDescriptor descriptor;
        if (noPrefix) {
            descriptor = new CircleOfTrustDescriptor(cot, realm, COTConstants.ACTIVE, "", null, null, null, null, providers);
        } else {
            // NOTE(review): prefix is concatenated into the reader/writer service
            // URLs as given; no validation of it is visible in this method.
            descriptor = new CircleOfTrustDescriptor(cot, realm, COTConstants.ACTIVE, "", prefix + "/idffreader", prefix + "/idffwriter", prefix + "/saml2reader", prefix + "/saml2writer", providers);
        }

        new CircleOfTrustManager(ssoToken).createCircleOfTrust(realm, descriptor);

        getOutputWriter().printlnMessage(
            MessageFormat.format(getResourceString("create-circle-of-trust-succeeded"), new Object[] { cot, realm }));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_CREATE_COT", params);
    } catch (COTException e) {
        debug.warning("CreateCircleOfTrust.handleRequest", e);
        // The failure record repeats the request parameters and adds the exception message.
        String[] failureArgs = { realm, cot, providers.toString(), prefix, e.getMessage() };
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_CREATE_COT", failureArgs);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.
the class CreateMetaDataTemplate method buildWSFedDescriptorTemplate.
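/**
 * Generates the WS-Federation standard metadata template. It is written to the
 * file named by {@code metadata} when the command is not web based and a file
 * name was supplied; otherwise it is printed through the output writer.
 *
 * @throws CLIException if the file cannot be written or the template cannot be generated.
 */
private void buildWSFedDescriptorTemplate() throws CLIException {
    Writer pw = null;
    try {
        boolean writeToFile = !isWebBased && (metadata != null) && (metadata.length() > 0);
        if (writeToFile) {
            // NOTE(review): FileWriter(String) overwrites an existing file and encodes
            // with the platform default charset; confirm that matches the encoding the
            // generated XML declares.
            pw = new PrintWriter(new FileWriter(metadata));
        } else {
            pw = new StringWriter();
        }
        String xml = CreateWSFedMetaDataTemplate.createStandardMetaTemplate(entityID, getWorkflowParamMap(), protocol + "://" + host + ":" + port + deploymentURI);
        pw.write(xml);
        if (writeToFile) {
            // PrintWriter swallows IOException, so a failed write would otherwise be
            // reported as success. checkError() flushes and reports any failure.
            if (((PrintWriter) pw).checkError()) {
                throw new IOException("write failed: " + metadata);
            }
            Object[] objs = { metadata };
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-meta-template-created-descriptor-template"), objs));
        }
    } catch (IOException e) {
        Object[] objs = { metadata };
        throw new CLIException(MessageFormat.format(getResourceString("cannot-write-to-file"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (JAXBException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (CertificateEncodingException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        // pw is still null when the file could not be opened. The original cast it
        // to StringWriter here and threw NullPointerException, which replaced the
        // CLIException raised above.
        if (pw instanceof PrintWriter) {
            ((PrintWriter) pw).close();
        } else if (pw != null) {
            this.getOutputWriter().printlnMessage(pw.toString());
        }
    }
}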
use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.
the class CreateMetaDataTemplate method buildIDFFConfigTemplate.
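/**
 * Generates the ID-FF extended configuration template. It is written to the
 * file named by {@code extendedData} when the command is not web based and a
 * file name was supplied; otherwise it is printed through the output writer.
 *
 * @throws CLIException if the file cannot be written.
 */
private void buildIDFFConfigTemplate() throws CLIException {
    Writer pw = null;
    try {
        boolean writeToFile = !isWebBased && (extendedData != null) && (extendedData.length() > 0);
        if (writeToFile) {
            // NOTE(review): FileWriter(String) overwrites an existing file and encodes
            // with the platform default charset; confirm that matches the encoding the
            // generated XML declares.
            pw = new PrintWriter(new FileWriter(extendedData));
        } else {
            pw = new StringWriter();
        }
        String xml = CreateIDFFMetaDataTemplate.createExtendedMetaTemplate(entityID, getWorkflowParamMap());
        pw.write(xml);
        if (writeToFile) {
            // PrintWriter swallows IOException, so a failed write would otherwise be
            // reported as success. checkError() flushes and reports any failure.
            if (((PrintWriter) pw).checkError()) {
                throw new IOException("write failed: " + extendedData);
            }
            Object[] objs = { extendedData };
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-meta-template-created-configuration-template"), objs));
        }
    } catch (IOException ex) {
        Object[] objs = { extendedData };
        throw new CLIException(MessageFormat.format(getResourceString("cannot-write-to-file"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        // pw is still null when the file could not be opened. The original cast it
        // to StringWriter here and threw NullPointerException, which replaced the
        // CLIException raised above.
        if (pw instanceof PrintWriter) {
            ((PrintWriter) pw).close();
        } else if (pw != null) {
            this.getOutputWriter().printlnMessage(pw.toString());
        }
    }
}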
use of com.sun.identity.cli.CLIException in project OpenAM by OpenRock.
the class CreateMetaDataTemplate method buildConfigTemplate.
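/**
 * Generates the SAML2 hosted-provider extended configuration template. It is
 * written to the file named by {@code extendedData} when the command is not web
 * based and a file name was supplied; otherwise it is printed through the
 * output writer.
 *
 * @throws CLIException if the file cannot be written.
 */
private void buildConfigTemplate() throws CLIException {
    Writer pw = null;
    try {
        boolean writeToFile = !isWebBased && (extendedData != null) && (extendedData.length() > 0);
        if (writeToFile) {
            // NOTE(review): FileWriter(String) overwrites an existing file and encodes
            // with the platform default charset; confirm that matches the encoding the
            // generated XML declares.
            pw = new PrintWriter(new FileWriter(extendedData));
        } else {
            pw = new StringWriter();
        }
        String xml = CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(entityID, getWorkflowParamMap(), protocol + "://" + host + ":" + port + deploymentURI);
        pw.write(xml);
        if (writeToFile) {
            // PrintWriter swallows IOException, so a failed write would otherwise be
            // reported as success. checkError() flushes and reports any failure.
            if (((PrintWriter) pw).checkError()) {
                throw new IOException("write failed: " + extendedData);
            }
            Object[] objs = { extendedData };
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-meta-template-created-configuration-template"), objs));
        }
    } catch (IOException ex) {
        Object[] objs = { extendedData };
        throw new CLIException(MessageFormat.format(getResourceString("cannot-write-to-file"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        // pw is still null when the file could not be opened. The original cast it
        // to StringWriter here and threw NullPointerException, which replaced the
        // CLIException raised above.
        if (pw instanceof PrintWriter) {
            ((PrintWriter) pw).close();
        } else if (pw != null) {
            this.getOutputWriter().printlnMessage(pw.toString());
        }
    }
}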