
Example 6 with CircleOfTrustDescriptor

use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.

the class FSAuthDomainsModelImpl method getAttributeValues.

/**
 * Returns the attribute values of an authentication domain (circle of trust).
 *
 * @param realm Realm in which the authentication domain is defined.
 * @param name Name of authentication domain.
 * @return Map of attribute name to values; each value is the corresponding
 *     descriptor field wrapped by {@code AMAdminUtils.wrapInSet}.
 * @throws AMConsoleException if attribute values cannot be retrieved.
 */
public Map getAttributeValues(String realm, String name) throws AMConsoleException {
    String[] logParams = { realm, name };
    logEvent("ATTEMPT_GET_AUTH_DOMAIN_ATTR_VALUES", logParams);
    Map attrValues = new HashMap(16);
    try {
        CircleOfTrustDescriptor descriptor =
            getCircleOfTrustManager().getCircleOfTrust(realm, name);
        attrValues.put(TF_DESCRIPTION,
            AMAdminUtils.wrapInSet(descriptor.getCircleOfTrustDescription()));
        attrValues.put(TF_IDFF_WRITER_SERVICE_URL,
            AMAdminUtils.wrapInSet(descriptor.getIDFFWriterServiceURL()));
        attrValues.put(TF_IDFF_READER_SERVICE_URL,
            AMAdminUtils.wrapInSet(descriptor.getIDFFReaderServiceURL()));
        attrValues.put(TF_SAML2_WRITER_SERVICE_URL,
            AMAdminUtils.wrapInSet(descriptor.getSAML2WriterServiceURL()));
        attrValues.put(TF_SAML2_READER_SERVICE_URL,
            AMAdminUtils.wrapInSet(descriptor.getSAML2ReaderServiceURL()));
        attrValues.put(SINGLE_CHOICE_REALM,
            AMAdminUtils.wrapInSet(descriptor.getCircleOfTrustRealm()));
        attrValues.put(SINGLE_CHOICE_STATUS,
            AMAdminUtils.wrapInSet(descriptor.getCircleOfTrustStatus()));
        logEvent("SUCCEED_GET_AUTH_DOMAIN_ATTR_VALUES", logParams);
        return attrValues;
    } catch (COTException e) {
        // Record the failure (with the resolved error text) in the audit log
        // before surfacing it to the console layer.
        String message = getErrorString(e);
        String[] failureParams = { realm, name, message };
        logEvent("FEDERATION_EXCEPTION_GET_AUTH_DOMAIN_ATTR_VALUES", failureParams);
        throw new AMConsoleException(message);
    }
}

Example 7 with CircleOfTrustDescriptor

use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.

the class FSPostLogin method doConsentToIntro.

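/**
 * Returns the redirect URL for the Introduction (common domain) writer service.
 * <p>
 * The hosted entity ID and realm are resolved from {@code metaAlias} when the
 * corresponding instance fields are still unset. The selected circle of trust
 * is then looked up; when it is ACTIVE and exposes an IDFF writer service URL,
 * that URL is returned with {@code targetURL} and the entity ID appended as
 * URL-encoded query parameters. In every other case (inactive or missing
 * circle of trust, no writer URL, no entity ID, or a lookup failure, which is
 * logged) {@code targetURL} is returned unchanged.
 *
 * @param metaAlias the provider alias.
 * @param targetURL the url the writer servlet will redirect to.
 * @param cotSelected the name of the Circle of Trust.
 * @return the writer url, or {@code targetURL} when no writer URL applies.
 * @exception FSPostLoginException on error.
 */
private String doConsentToIntro(String metaAlias, String targetURL, String cotSelected) throws FSPostLoginException {
    String tldURL = null;
    try {
        if (entityID == null && metaManager != null) {
            entityID = metaManager.getEntityIDByMetaAlias(metaAlias);
        }
        if (realm == null) {
            realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        }
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotSelected);
        // Constant-first comparison: a descriptor whose status is unset must
        // not raise a NullPointerException here (only the federation
        // exceptions below are caught).
        if (cotDesc != null
                && IFSConstants.ACTIVE.equalsIgnoreCase(cotDesc.getCircleOfTrustStatus())) {
            tldURL = cotDesc.getIDFFWriterServiceURL();
        }
    } catch (IDFFMetaException metaExp) {
        // Lookup failures are not fatal: fall through and return targetURL.
        FSUtils.debug.error("FSPostLogin::doConsentToIntro in cot managment expextion:", metaExp);
    } catch (COTException meta2Exp) {
        FSUtils.debug.error("FSPostLogin::doConsentToIntro in cot managment expextion:", meta2Exp);
    }
    String redirectURL = targetURL;
    if (tldURL != null && entityID != null) {
        // Both query values are URL-encoded before being appended.
        redirectURL = new StringBuilder()
            .append(tldURL)
            .append(IFSConstants.QUESTION_MARK)
            .append(IFSConstants.LRURL)
            .append(IFSConstants.EQUAL_TO)
            .append(URLEncDec.encode(targetURL))
            .append(IFSConstants.AMPERSAND)
            .append(IFSConstants.PROVIDER_ID_KEY)
            .append(IFSConstants.EQUAL_TO)
            .append(URLEncDec.encode(entityID))
            .toString();
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::doConsentToIntro return url" + redirectURL);
    }
    return redirectURL;
}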

Example 8 with CircleOfTrustDescriptor

use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.

the class FSIDPFinderService method getCommonDomainIDP.

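/**
 * Gets a preferred IDP from the common domain cookie, or redirects the
 * browser to the reader service of the next circle of trust not yet tried.
 * <p>
 * When no preferred IDP is present, the circles of trust still to be tried for
 * {@code requestID} are taken from {@code requestCotSetMap}; on first use the
 * set is seeded from the SP's {@code COT_LIST} configuration. Each ACTIVE
 * circle of trust that exposes an IDFF reader service URL triggers a redirect
 * whose return URL points back at the IDP finder service. Once every circle
 * of trust has been tried the entry for {@code requestID} is dropped and
 * {@code null} is returned.
 *
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @param realm The realm under which the entity resides.
 * @param entityID Hosted entity ID.
 * @param requestID Original Authentication Request ID.
 * @return the preferred IDP entity ID, or {@code null} when none is known
 *     (the SP configuration could not be read or no circle of trust remains).
 * @exception FSRedirectException for the redirection.
 *            IOException for any redirection failure.
 */
private String getCommonDomainIDP(HttpServletRequest request, HttpServletResponse response, String realm, String entityID, String requestID) throws FSRedirectException, IOException {
    String idpID = FSUtils.findPreferredIDP(realm, request);
    if (idpID != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:" + "Preferred IDP found from the common domain." + idpID);
        }
        // NOTE(review): the IDP ID is read from the common-domain cookie and
        // returned without being checked here against the SP's circle-of-trust
        // membership; confirm the caller validates it against metadata.
        requestCotSetMap.remove(requestID);
        return idpID;
    }
    Set tmpCotSet = (Set) requestCotSetMap.get(requestID);
    if (tmpCotSet == null) {
        // First call for this request: seed the set of COTs from SP config.
        try {
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            List cotList = null;
            if (metaManager != null) {
                BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
                cotList = IDFFMetaUtils.getAttributeValueFromConfig(spConfig, IFSConstants.COT_LIST);
            }
            if (cotList != null) {
                tmpCotSet = new HashSet(cotList);
            }
        } catch (IDFFMetaException ie) {
            FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:cannot get meta:", ie);
            return null;
        }
    }
    if (tmpCotSet == null || tmpCotSet.isEmpty()) {
        FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP::No more Cots.");
        requestCotSetMap.remove(requestID);
        return null;
    }
    // The set is shared with later calls for the same request ID: each COT is
    // removed as it is tried, so a subsequent call continues with the rest.
    requestCotSetMap.put(requestID, tmpCotSet);
    Iterator iter = tmpCotSet.iterator();
    while (iter.hasNext()) {
        String cotName = (String) iter.next();
        iter.remove();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP: Trying Cot: " + cotName);
        }
        String readerServiceURL = null;
        try {
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotName);
            // Constant-first comparison so an unset status cannot raise an NPE
            // (only COTException is caught below).
            if (cotDesc != null
                    && IFSConstants.ACTIVE.equalsIgnoreCase(cotDesc.getCircleOfTrustStatus())) {
                readerServiceURL = cotDesc.getIDFFReaderServiceURL();
            }
        } catch (COTException fe) {
            // Skip this COT and try the next one.
            FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:" + "Unable to retrieve reader service url.", fe);
        }
        if (readerServiceURL != null) {
            // Return URL back to this finder service; every dynamic value is
            // URL-encoded, and the whole return URL is encoded again as the
            // LRURL parameter of the reader service request.
            String baseURL = FSServiceUtils.getBaseURL(request);
            StringBuilder returnURL = new StringBuilder(300);
            returnURL.append(baseURL).append(IFSConstants.IDP_FINDER_URL)
                .append("?").append("RequestID").append("=").append(URLEncDec.encode(requestID))
                .append("&").append("Realm=").append(URLEncDec.encode(realm))
                .append("&").append("ProviderID=").append(URLEncDec.encode(entityID));
            StringBuilder redirectURL = new StringBuilder(300);
            redirectURL.append(readerServiceURL).append("?").append(IFSConstants.LRURL)
                .append("=").append(URLEncDec.encode(returnURL.toString()));
            String url = redirectURL.toString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:Redirection URL:" + url);
            }
            // sendRedirect sets the Location header itself.
            response.sendRedirect(url);
            throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
        }
    }
    return null;
}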

Example 9 with CircleOfTrustDescriptor

use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.

the class SAML2IDPProxyImpl method getPreferredIDP.

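/**
 * Returns a list of preferred IDP providerIDs.
 * <p>
 * Two modes are supported, selected by the SP's
 * {@code USE_INTRODUCTION_FOR_IDP_PROXY} attribute:
 * <ul>
 * <li>static proxy list (default): the first entry of the SP's
 *     {@code IDP_PROXY_LIST} attribute is returned;</li>
 * <li>introduction cookie: the browser is redirected to the SAML2 reader
 *     service of the SP's first configured circle of trust, a fresh request
 *     ID is registered in {@code SPCache.reqParamHash}, and that ID is
 *     returned as the single list element.</li>
 * </ul>
 * Every failure (missing configuration, metadata or COT lookup errors, or
 * any other exception) is logged and results in {@code null}.
 *
 * @param authnRequest original authnrequest
 * @param hostProviderID ProxyIDP providerID.
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @return a list of providerID's of the authenticating providers to be
 *     proxied or <code>null</code> to disable the proxying and continue
 *     for the localauthenticating provider.
 * @exception SAML2Exception if error occurs.
 */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String classMethod = "SAML2IDPProxyImpl.getPreferredIDP:";
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "Init.");
    }
    try {
        SAML2MetaManager sm = new SAML2MetaManager();
        // Retrieve the SP's extended configuration attributes.
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY);
        List providerIDs = new ArrayList();
        if (!"true".equals(useIntroductionForProxying)) {
            // Static proxy list: use the first configured proxy IDP.
            List proxyIDPs = null;
            if ((spConfigAttrsMap != null) && (!spConfigAttrsMap.isEmpty())) {
                proxyIDPs = (List) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                SAML2Utils.debug.error("SAML2IDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            providerIDs.add(proxyIDPs.iterator().next());
            return providerIDs;
        }
        /* IDP Proxy with introduction cookie case */
        // Guard the lookups explicitly instead of relying on the catch-all
        // below to turn a NullPointerException into a null return.
        List cotList = null;
        if (spConfigAttrsMap != null) {
            cotList = (List) spConfigAttrsMap.get("cotlist");
        }
        if (cotList == null || cotList.isEmpty()) {
            SAML2Utils.debug.error(classMethod + "no circle of trust configured for introduction.");
            return null;
        }
        String cotListStr = (String) cotList.iterator().next();
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
        if (cotDesc == null) {
            SAML2Utils.debug.error(classMethod + "circle of trust not found: " + cotListStr);
            return null;
        }
        String readerURL = cotDesc.getSAML2ReaderServiceURL();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
        }
        if (readerURL != null && readerURL.length() > 0) {
            String rID = SAML2Utils.generateID();
            String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
            if (SAML2Utils.debug.messageEnabled()) {
                // Diagnostic output guarded by messageEnabled(): log at message level.
                SAML2Utils.debug.message(classMethod + "Redirect url = " + redirectURL);
            }
            if (redirectURL != null) {
                response.sendRedirect(redirectURL);
                // Register the generated request ID so the reader service
                // response can be matched back to this request.
                Map aMap = new HashMap();
                SPCache.reqParamHash.put(rID, aMap);
                providerIDs.add(rID);
                return providerIDs;
            }
        }
        return null;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
        return null;
    } catch (Exception e) {
        // Plugin boundary: any other failure disables proxying rather than
        // aborting the authentication request.
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}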

Example 10 with CircleOfTrustDescriptor

use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.

the class LibertyManager method getListOfCOTs.

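/**
 * Returns the List of COTs for the given Provider under a realm.
 * <p>
 * Only circles of trust listed in the provider's {@code COT_LIST} that are
 * ACTIVE and expose a non-empty IDFF writer service URL are included. A
 * circle of trust that cannot be looked up is logged and skipped.
 *
 * @param realm The realm under which the entity resides.
 * @param providerId The ID of the provider whose <code>COTList</code>
 *  is to be found
 * @param providerRole The Role of the provider whose <code>COTList</code>
 *  is to be found
 * @return The set containing the authentication domains for the given
 *  provider; never {@code null}, empty when the provider has no extended
 *  configuration or no qualifying circle of trust.
 */
public static Set getListOfCOTs(String realm, String providerId, String providerRole) {
    Set returnSet = new HashSet();
    BaseConfigType hostConfig = IDFFMetaUtils.getExtendedConfig(realm, providerId, providerRole, metaManager);
    if (hostConfig == null) {
        return returnSet;
    }
    List cotIDs = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.COT_LIST);
    if (cotIDs != null) {
        for (Iterator iter = cotIDs.iterator(); iter.hasNext();) {
            String cotID = (String) iter.next();
            try {
                CircleOfTrustManager cotManager = new CircleOfTrustManager();
                CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotID);
                if (cotDesc == null) {
                    // Unknown COT: nothing to check, move on (only COTException is caught).
                    continue;
                }
                String tldURL = cotDesc.getIDFFWriterServiceURL();
                // Constant-first comparison keeps an unset status from raising an NPE.
                if (tldURL != null && tldURL.length() > 0
                        && IFSConstants.ACTIVE.equalsIgnoreCase(cotDesc.getCircleOfTrustStatus())) {
                    returnSet.add(cotID);
                }
            } catch (COTException fsExp) {
                debug.error("LibertyManager: getListOfCots " + "COTException caught ", fsExp);
            }
        }
    }
    if (debug.messageEnabled()) {
        if (returnSet.isEmpty()) {
            debug.message("LibertyManager::getListOfCots returning" + " null. Looks like COT is not set");
        } else {
            debug.message("LibertyManager: getListOfCots returning " + " cot set with " + returnSet);
        }
    }
    return returnSet;
}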
