
Example 31 with COTException

use of com.sun.identity.cot.COTException in project OpenAM by OpenRock.

From the class IDFFMetaManager, method removeFromCircleOfTrust.

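/**
 * Removes an entity identifier from every circle of trust listed in its
 * entity configuration.
 *
 * <p>Membership removal is best effort: a circle of trust that can no longer
 * be resolved is logged at message level and the remaining circles are still
 * processed. Any other failure is logged at error level and swallowed.
 *
 * @param config the <code>BaseConfigType</code> object which is the entity
 *        config; <code>null</code> means there is nothing to do.
 * @param realm the realm under which the entity resides.
 * @param entityId the entity identifier.
 */
private void removeFromCircleOfTrust(BaseConfigType config, String realm, String entityId) {
    String classMethod = "IDFFMetaManager:removeFromCircleOfTrust:";
    if (config == null) {
        return;
    }
    try {
        Map attr = IDFFMetaUtils.getAttributes(config);
        List cotAttr = (attr == null) ? null : (List) attr.get(COTConstants.COT_LIST);
        // An entity without a COT list is a normal state, not an error; checking
        // before copying avoids a NullPointerException from the copy constructor
        // that would otherwise be reported at error level below.
        if (cotAttr == null || cotAttr.isEmpty()) {
            return;
        }
        // Iterate over a private copy so the configuration's own list is never
        // touched while memberships are being removed.
        List cotList = new ArrayList(cotAttr);
        for (Iterator iter = cotList.iterator(); iter.hasNext(); ) {
            String cotName = (String) iter.next();
            if (cotName == null || cotName.length() == 0) {
                continue;
            }
            try {
                cotManager.removeCircleOfTrustMember(realm, cotName, COTConstants.IDFF, entityId);
            } catch (COTException ce) {
                // A stale COT reference must not stop removal from the others.
                if (debug.messageEnabled()) {
                    debug.message(classMethod + "Invalid COT: " + cotName, ce);
                }
            }
        }
    } catch (Exception e) {
        debug.error("IDFFMetaManager.removeFromCircleOfTrust:" + "Error while removing entity " + entityId + " from COT.", e);
    }
}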

Example 32 with COTException

use of com.sun.identity.cot.COTException in project OpenAM by OpenRock.

From the class FSIntersiteTransferService, method redirectToCommonDomain.

/**
 * Redirects the browser to the IDFF reader service of the next circle of
 * trust that has not yet been asked for a preferred IDP.
 *
 * <p>The set of circles still to visit is kept in the HTTP session under
 * {@code IFSConstants.SESSION_COTSET_ATTR}; one circle is consumed per call.
 * When the set is (or becomes) empty the request is forwarded to
 * {@code framedLoginPageURL} instead. The redirect target is the reader
 * service URL taken from the circle's configured descriptor, not from the
 * request; the request-supplied meta alias is URL-encoded before it is placed
 * in the return URL.
 *
 * <p>NOTE(review): the set returned by {@code getAllCirclesOfTrust} is
 * modified in place on later calls — confirm it is a fresh copy rather than a
 * cached instance.
 *
 * @param request the current request; supplies the meta alias and the return URL.
 * @param response the response to redirect or forward.
 * @param requestID the authentication request identifier carried in the return URL.
 */
private void redirectToCommonDomain(HttpServletRequest request, HttpServletResponse response, String requestID) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService.redirectToCommonDomain: Called");
    }
    String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    try {
        // Not used below; kept because getIDFFMetaManager may initialise the
        // meta layer as a side effect — confirm before removing.
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        HttpSession session = request.getSession(true);
        Set pendingCOTs = (Set) session.getAttribute(IFSConstants.SESSION_COTSET_ATTR);
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        if (pendingCOTs == null) {
            // First visit in this session: seed the set with every COT of the realm.
            pendingCOTs = cotManager.getAllCirclesOfTrust(realm);
            if (pendingCOTs != null) {
                session.setAttribute(IFSConstants.SESSION_COTSET_ATTR, pendingCOTs);
            }
            if (pendingCOTs == null || pendingCOTs.isEmpty()) {
                FSUtils.debug.error("FSIntersiteTransferService. redirectToCommonDomain: No CommonDomain metadata found");
                String[] data = { FSUtils.bundle.getString("noCommonDomainMetadata") };
                LogUtil.error(Level.INFO, LogUtil.COMMON_DOMAIN_META_DATA_NOT_FOUND, data);
                FSUtils.forwardRequest(request, response, framedLoginPageURL);
                return;
            }
        }
        if (pendingCOTs.isEmpty()) {
            // Every circle has already been consulted without a preferred IDP.
            FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: No more CommonDomain left");
            String[] data = { FSUtils.bundle.getString("noCommonDomainMetadata") };
            LogUtil.error(Level.INFO, LogUtil.COMMON_DOMAIN_META_DATA_NOT_FOUND, data);
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
            return;
        }
        // Consume one circle per round trip and persist the shrinking set.
        String cotName = (String) pendingCOTs.iterator().next();
        pendingCOTs.remove(cotName);
        session.setAttribute(IFSConstants.SESSION_COTSET_ATTR, pendingCOTs);
        String readerServiceURL = cotManager.getCircleOfTrust(realm, cotName).getIDFFReaderServiceURL();
        if (readerServiceURL == null) {
            return;
        }
        String url = readerRedirectURL(readerServiceURL, request, requestID, metaAlias);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.redirectToCommonDomain: Redirecting to check for PrefferedIDP @:" + url);
        }
        response.setHeader("Location", url);
        response.sendRedirect(url);
    } catch (COTException e) {
        FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: COTException occured while trying to redirect to the CommonDomain: ", e);
        try {
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
        } catch (Exception ex) {
            FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: IOException : ", ex);
        }
    } catch (IOException e) {
        FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: IOException occured while trying to redirect to the CommonDomain: ", e);
    }
}

/**
 * Builds the reader-service redirect URL: the reader service URL with an
 * {@code LRURL} query parameter that points back to this request, carrying the
 * request ID and meta alias as encoded query parameters.
 *
 * @param readerServiceURL the IDFF reader service URL of the circle of trust.
 * @param request the current request; its request URL is the base of the return URL.
 * @param requestID the authentication request identifier to round-trip.
 * @param metaAlias the meta alias to round-trip.
 * @return the complete redirect URL.
 */
private static String readerRedirectURL(String readerServiceURL, HttpServletRequest request, String requestID, String metaAlias) {
    StringBuffer returnURL = request.getRequestURL();
    returnURL.append("?").append(IFSConstants.AUTH_REQUEST_ID).append("=").append(URLEncDec.encode(requestID));
    returnURL.append("&").append(IFSConstants.META_ALIAS).append("=").append(URLEncDec.encode(metaAlias));
    return readerServiceURL + "?" + IFSConstants.LRURL + "=" + URLEncDec.encode(returnURL.toString());
}

Example 33 with COTException

use of com.sun.identity.cot.COTException in project OpenAM by OpenRock.

From the class SAML2IDPProxyFRImpl, method getPreferredIDP.

/**
 * Returns a list of preferred IDP providerIDs for an IDP-proxy request.
 *
 * <p>One of three strategies is used, chosen from the SP's extended
 * configuration and the hosted IDP's IDP Finder settings:
 * <ol>
 *   <li>static list: the SP's configured IDP proxy list; with more than one
 *       entry the user is redirected to the IDP Finder page to choose;</li>
 *   <li>IDP Finder: the user is redirected to the IDP Finder page with the
 *       list produced by {@code idpList};</li>
 *   <li>introduction cookie: the user is redirected to the SAML2 reader
 *       service of the SP's first circle of trust.</li>
 * </ol>
 * Whenever a redirect has been sent, the returned list holds the generated
 * request ID instead of a provider ID; the caller has to tell the two apart.
 * All failures are logged and mapped to <code>null</code>.
 *
 * <p>NOTE(review): {@code spSSODescriptor}, {@code relayState} and
 * {@code binding} are written as instance fields below. If one instance of
 * this plugin serves concurrent requests, those values are shared between
 * them — confirm how the plugin is instantiated.
 *
 * @param authnRequest original authnrequest
 * @param hostProviderID ProxyIDP providerID.
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @return a list of providerID's of the authenticating providers to be
 *     proxied (or the request ID of a redirect already sent), or
 *     <code>null</code> to disable the proxying and continue
 *     for the local authenticating provider.
 * @exception SAML2Exception if error occurs.
 */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    // Entering the class and method
    String methodName = "getPreferredIDP";
    String classMethod = className + methodName + ":";
    debugMessage(methodName, "Entering.");
    Boolean isIdpFinderForAllSPsEnabled = isIDPFinderForAllSPs(realm, hostProviderID);
    // Start the logic to obtain the list of preferred IdPs
    try {
        // Inititate the metadata manager
        SAML2MetaManager sm = new SAML2MetaManager();
        // NOTE(review): 'new' never yields null, so this branch is unreachable.
        if (sm == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        // Obtain the SP configuration (instance field; a lookup failure leaves it null)
        try {
            spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, authnRequest.getIssuer().getValue().toString());
        } catch (SAML2MetaException sme) {
            SAML2Utils.debug.error(classMethod, sme);
            spSSODescriptor = null;
        }
        // Get the relay state from the request, if exists (instance field)
        relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        // Binding is derived from the HTTP method of the incoming request (instance field)
        binding = SAML2Constants.HTTP_REDIRECT;
        if (request.getMethod().equals("POST")) {
            binding = SAML2Constants.HTTP_POST;
        }
        // Read the local metadata of the SP that made the request
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        // Check if the local configuration of the remote SP wants to use
        // the Introduction Cookie
        Boolean isIntroductionForProxyingEnabled = false;
        String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY);
        if (useIntroductionForProxying != null)
            isIntroductionForProxyingEnabled = useIntroductionForProxying.equalsIgnoreCase("true");
        // Check if the local configuration of the remote SP wants to use
        // the IDP Finder
        Boolean isIdPFinderEnabled = false;
        String idpFinderEnabled = SPSSOFederate.getParameter(spConfigAttrsMap, IDP_FINDER_ENABLED_IN_SP);
        if (idpFinderEnabled != null)
            isIdPFinderEnabled = idpFinderEnabled.equalsIgnoreCase("true");
        // IDP Finder page comes from the hosted IDP's configuration, not from the request
        String idpFinderJSP = getIDPFinderJSP(realm, hostProviderID);
        // providerIDs will contain the list of IdPs to return from this method
        List providerIDs = new ArrayList();
        // Strategy 1: neither introduction cookie nor IDP Finder — use the
        // static proxy list from the SP's extended metadata
        if (!isIntroductionForProxyingEnabled && !isIdPFinderEnabled && !isIdpFinderForAllSPsEnabled) {
            debugMessage(methodName, " idpFinder wil use the static list of the SP");
            List<String> proxyIDPs = null;
            if (spConfigAttrsMap != null && !spConfigAttrsMap.isEmpty()) {
                // unchecked cast: the attribute value is assumed to be a List<String>
                proxyIDPs = (List<String>) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            debugMessage(methodName, " List from the configuration: " + proxyIDPs);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                SAML2Utils.debug.error("SAML2IDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            // give the user the chance to select one interactively
            if (proxyIDPs.size() > 1) {
                String idpListSt = selectIDPBasedOnLOA(proxyIDPs, realm, authnRequest);
                // Construct the IDPFinder URL to redirect to
                String idpFinder = getRedirect(request, idpFinderJSP);
                // Generate the requestID
                String requestID = SAML2Utils.generateID();
                // Store the important stuff and the session parameters so the
                // idpFinderImplemenatation can read them and process them
                storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
                debugMessage(methodName, ": Redirect url = " + idpFinder);
                response.sendRedirect(idpFinder);
                // return something different than null
                providerIDs.add(requestID);
                debugMessage(methodName, " Redirected successfully");
                return providerIDs;
            }
            // single entry: no interaction needed
            providerIDs.add(proxyIDPs.iterator().next());
            return providerIDs;
        }
        // Strategy 2: IDP Finder is enabled (per SP or for all SPs)
        // and it does not want to use the introduction cookie
        if (!isIntroductionForProxyingEnabled && (isIdPFinderEnabled || isIdpFinderForAllSPsEnabled)) {
            debugMessage(methodName, "SP wants to use IdP Finder");
            String idpListSt = idpList(authnRequest, realm);
            if (!idpListSt.trim().isEmpty()) {
                // Construct the IDPFinder URL to redirect to
                String idpFinder = getRedirect(request, idpFinderJSP);
                // Generate the requestID
                String requestID = SAML2Utils.generateID();
                // Store the important stuff and the session parameters so the
                // idpFinderImplemenatation can read them and process them
                storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
                debugMessage(methodName, ": Redirect url = " + idpFinder);
                response.sendRedirect(idpFinder);
                // return something different than null
                providerIDs.add(requestID);
                debugMessage(methodName, " Redirected successfully");
                return providerIDs;
            } else {
                // no candidate IDPs: fall back to local authentication
                return null;
            }
        } else {
            // Strategy 3: IDP Proxy with introduction cookie.
            // NOTE(review): spConfigAttrsMap can still be null here; the resulting
            // NullPointerException is caught by the generic handler below and
            // turned into a null return.
            List cotList = (List) spConfigAttrsMap.get("cotlist");
            String cotListStr = (String) cotList.iterator().next();
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
            // Reader service URL comes from the circle-of-trust configuration
            String readerURL = cotDesc.getSAML2ReaderServiceURL();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
            }
            if (readerURL != null && (!readerURL.equals(""))) {
                String rID = SAML2Utils.generateID();
                String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
                // NOTE(review): logged at error level although guarded by
                // messageEnabled(); debug.message is probably intended.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.error(classMethod + "Redirect url = " + redirectURL);
                }
                if (redirectURL != null) {
                    response.sendRedirect(redirectURL);
                    // NOTE(review): the cache entry for rID is created after the
                    // redirect has been sent; confirm the reader service cannot
                    // come back before it exists.
                    Map aMap = new HashMap();
                    SPCache.reqParamHash.put(rID, aMap);
                    providerIDs.add(rID);
                    return providerIDs;
                }
            }
        }
        return null;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
        return null;
    } catch (Exception e) {
        // Also covers IOException from sendRedirect and NullPointerException
        // from the introduction-cookie branch; every failure disables proxying.
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}

Example 34 with COTException

use of com.sun.identity.cot.COTException in project OpenAM by OpenRock.

From the class IDPSSOUtil, method getWriterURL.

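/**
 * Returns the SAML2 writer service URL of the first circle of trust shared by
 * the given IDP and SP in the realm.
 *
 * <p>The candidates are the intersection of the two entities' configured COT
 * lists, in the IDP's order; the first one whose descriptor carries a
 * non-blank writer URL wins. The intersection is computed on a copy so the
 * list held in the IDP's configuration attributes is never modified.
 *
 * @param realm the realm in which both entities are configured.
 * @param idpEntityID entity ID of the identity provider.
 * @param spEntityID entity ID of the service provider.
 * @return the writer service URL, or <code>null</code> if either entity has
 *     no configuration or no COT list, no shared circle exposes a non-blank
 *     writer URL, or a lookup fails (failures are logged at message level).
 */
private static String getWriterURL(String realm, String idpEntityID, String spEntityID) {
    String classMethod = "IDPSSOUtil.getWriterURL: ";
    String writerURL = null;
    try {
        // COT list of the IDP
        IDPSSOConfigElement idpEntityCfg = metaManager.getIDPSSOConfig(realm, idpEntityID);
        List idpCOTList = null;
        if (idpEntityCfg != null) {
            idpCOTList = cotListFromAttributes(SAML2MetaUtils.getAttributes(idpEntityCfg));
        }
        if (idpCOTList == null) {
            return null;
        }
        // COT list of the SP
        SPSSOConfigElement spEntityCfg = metaManager.getSPSSOConfig(realm, spEntityID);
        List spCOTList = null;
        if (spEntityCfg != null) {
            spCOTList = cotListFromAttributes(SAML2MetaUtils.getAttributes(spEntityCfg));
        }
        if (spCOTList == null) {
            return null;
        }
        // Intersect on a private copy: retainAll would otherwise mutate the list
        // obtained from the configuration attributes.
        List sharedCOTs = new ArrayList(idpCOTList);
        sharedCOTs.retainAll(spCOTList);
        for (Object element : sharedCOTs) {
            String cotName = (String) element;
            CircleOfTrustDescriptor cotDescriptor = cotManager.getCircleOfTrust(realm, cotName);
            if (cotDescriptor == null) {
                continue;
            }
            String candidate = cotDescriptor.getSAML2WriterServiceURL();
            // Only a non-blank URL is accepted; a blank one from the last
            // candidate must not be returned as if it were a valid URL.
            if (candidate != null && !candidate.trim().isEmpty()) {
                writerURL = candidate;
                break;
            }
        }
    } catch (COTException ce) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "Error retreiving of " + "circle of trust", ce);
        }
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "Not able to getting writer URL : ", se);
        }
    } catch (Exception e) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "Not able to getting writer URL : ", e);
        }
    }
    return writerURL;
}

/**
 * Extracts the circle-of-trust list from an entity's configuration attributes.
 *
 * @param configAttrsMap attributes as returned by
 *     <code>SAML2MetaUtils.getAttributes</code>; may be <code>null</code>.
 * @return the list stored under <code>SAML2Constants.COT_LIST</code>, or
 *     <code>null</code> when the map or the list is missing or empty.
 */
private static List cotListFromAttributes(Map configAttrsMap) {
    if (configAttrsMap == null || configAttrsMap.isEmpty()) {
        return null;
    }
    List cotList = (List) configAttrsMap.get(SAML2Constants.COT_LIST);
    return (cotList == null || cotList.isEmpty()) ? null : cotList;
}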

Example 35 with COTException

use of com.sun.identity.cot.COTException in project OpenAM by OpenRock.

From the class ImportMetaData, method handleSAML2Request.

/**
 * Imports SAML2 standard metadata and/or extended metadata and, when a
 * circle of trust was requested, enrols every imported entity in it.
 *
 * <p>For hosted extended metadata the realm is taken from the meta alias of
 * the first hosted config element (see the note at the end of this class),
 * and the new meta aliases are validated before the entity config is created.
 * Inputs come from the instance fields {@code ssoToken}, {@code metadata},
 * {@code extendedData}, {@code webAccess}, {@code cot} and {@code spec}.
 *
 * @param rc the CLI request context.
 * @throws CLIException if the metadata or circle-of-trust layer reports an error.
 */
private void handleSAML2Request(RequestContext rc) throws CLIException {
    try {
        SAML2MetaManager metaManager = new SAML2MetaManager(ssoToken);
        EntityConfigElement extendedConfig = null;
        List<String> hostedMetaAliases = null;
        if (extendedData != null) {
            extendedConfig = geEntityConfigElement();
            // The realm is derived from the hosted meta alias; see the note
            // at the end of this class for how the realm value is decided.
            if (extendedConfig != null && extendedConfig.isHosted()) {
                List<BaseConfigType> hostedConfigs = extendedConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                if (!hostedConfigs.isEmpty()) {
                    BaseConfigType firstConfig = hostedConfigs.get(0);
                    realm = SAML2MetaUtils.getRealmByMetaAlias(firstConfig.getMetaAlias());
                    hostedMetaAliases = getMetaAliases(hostedConfigs);
                }
            }
        }
        // Standard metadata, when provided
        List<String> importedEntityIds = (metadata != null) ? importSAML2Metadata(metaManager) : null;
        // Extended metadata, when provided
        if (extendedConfig != null) {
            if (hostedMetaAliases != null && !hostedMetaAliases.isEmpty()) {
                metaManager.validateMetaAliasForNewEntity(realm, hostedMetaAliases);
            }
            metaManager.createEntityConfig(realm, extendedConfig);
        }
        if (importedEntityIds != null) {
            reportImportSucceeded(webAccess ? "web" : metadata);
        }
        if (extendedConfig != null) {
            reportImportSucceeded(webAccess ? "web" : extendedData);
        }
        boolean cotRequested = (cot != null) && (cot.length() > 0);
        if (cotRequested && importedEntityIds != null && !importedEntityIds.isEmpty()) {
            CircleOfTrustManager cotManager = new CircleOfTrustManager(ssoToken);
            for (String entityID : importedEntityIds) {
                if (!cotManager.isInCircleOfTrust(realm, cot, spec, entityID)) {
                    cotManager.addCircleOfTrustMember(realm, cot, spec, entityID);
                }
            }
        }
    } catch (COTException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAML2MetaException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

/**
 * Prints the localised "import-entity-succeeded" message for one metadata source.
 *
 * @param source the description of the source ("web" or the file name).
 * @throws CLIException if the output writer or resource lookup fails.
 */
private void reportImportSucceeded(String source) throws CLIException {
    Object[] objs = { source };
    getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), objs));
}
