use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.
Class AddProviderToCOT, method addToCOT:
/**
 * Adds a SAML2 entity to a circle of trust, creating the circle first when the
 * realm does not yet contain one with that name.
 *
 * @param realm    realm that owns (or will own) the circle of trust.
 * @param cot      circle-of-trust name.
 * @param entityId SAML2 entity ID to register as a member.
 * @throws COTException if listing, creating or adding a member to the circle of
 *         trust fails.
 */
public static void addToCOT(String realm, String cot, String entityId) throws COTException {
    CircleOfTrustManager manager = new CircleOfTrustManager();
    boolean alreadyExists = manager.getAllCirclesOfTrust(realm).contains(cot);
    if (!alreadyExists) {
        // NOTE(review): check-then-create is not atomic; a concurrent creator of
        // the same COT would make createCircleOfTrust fail with a COTException.
        // Probably acceptable for admin tooling -- confirm against the manager.
        // Status is ACTIVE; the remaining positional arguments are left empty/null
        // (presumably description and reader/writer service URLs -- verify against
        // the CircleOfTrustDescriptor constructor) and the provider set is empty,
        // since the member is added right below.
        CircleOfTrustDescriptor descriptor = new CircleOfTrustDescriptor(
                cot, realm, COTConstants.ACTIVE, "", null, null, null, null, Collections.EMPTY_SET);
        manager.createCircleOfTrust(realm, descriptor);
    }
    manager.addCircleOfTrustMember(realm, cot, COTConstants.SAML2, entityId);
}
use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.
Class FSAuthDomainsModelImpl, method getRealm:
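/**
 * Returns the realm that owns the circle of trust (authentication domain) with
 * the given name.
 *
 * All realms are scanned through {@link #getCircleOfTrustDescriptors()} and the
 * realm of the first descriptor whose COT name equals {@code name} is returned.
 * NOTE(review): the descriptors come back in a {@code HashSet}, so if the same
 * COT name exists in more than one realm the realm returned is whichever the
 * set iterates first -- not deterministic. Confirm that COT names are globally
 * unique if callers rely on this.
 *
 * @param name circle-of-trust name to look up; {@code null} never matches.
 * @return realm of the matching circle of trust, or {@code null} when no
 *         circle of trust with that name was found in any realm (which is also
 *         what a failed lookup looks like, because
 *         {@code getCircleOfTrustDescriptors} logs its errors and returns what
 *         it managed to collect).
 * @throws AMConsoleException kept on the signature for callers; nothing in the
 *         visible body throws it.
 */
public String getRealm(String name) throws AMConsoleException {
    if (name == null) {
        // A null name cannot equal any COT name; skip the scan.
        return null;
    }
    for (Iterator iter = getCircleOfTrustDescriptors().iterator(); iter.hasNext(); ) {
        CircleOfTrustDescriptor desc = (CircleOfTrustDescriptor) iter.next();
        // Compare from the non-null side so a descriptor with a null name is
        // skipped instead of raising a NullPointerException.
        if (name.equals(desc.getCircleOfTrustName())) {
            return desc.getCircleOfTrustRealm();
        }
    }
    return null;
}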
use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.
Class FSAuthDomainsModelImpl, method getCircleOfTrustDescriptors:
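/**
 * Collects the descriptor of every circle of trust in every realm.
 *
 * Realms are enumerated with {@code getRealmNames("/", "*")}; for each one the
 * COT names are listed and each descriptor is fetched from the manager.
 *
 * Error handling: a {@link COTException} is recorded through {@code logEvent}
 * (with the realm being processed at the time) and the debug log, and the scan
 * stops -- whatever was collected so far is returned. An
 * {@link AMConsoleException} (presumably from {@code getRealmNames} or
 * {@code getCircleOfTrustManager}) only goes to the debug log. Callers therefore
 * cannot tell "no circles of trust" apart from "lookup failed part-way".
 *
 * @return mutable {@link HashSet} of {@link CircleOfTrustDescriptor}; possibly
 *         incomplete after an error, never {@code null}.
 */
public Set getCircleOfTrustDescriptors() {
    Set descriptors = new HashSet();
    // Pre-set to the root realm so the error event names a realm even when the
    // failure happens before the first realm is visited.
    String currentRealm = COTConstants.ROOT_REALM;
    try {
        CircleOfTrustManager manager = getCircleOfTrustManager();
        Set realmNames = getRealmNames("/", "*");
        for (Iterator realms = realmNames.iterator(); realms.hasNext(); ) {
            currentRealm = (String) realms.next();
            Set cotNames = manager.getAllCirclesOfTrust(currentRealm);
            for (Iterator cots = cotNames.iterator(); cots.hasNext(); ) {
                String cotName = (String) cots.next();
                descriptors.add(manager.getCircleOfTrust(currentRealm, cotName));
            }
        }
    } catch (COTException e) {
        String[] paramsEx = { currentRealm, getErrorString(e) };
        logEvent("FEDERATION_EXCEPTION_GET_AUTH_DOMAINS", paramsEx);
        // Debug entries are labelled with this method's real name; they used to
        // claim "getAuthenticationDomains", which made traces hard to attribute.
        debug.warning("FSAuthDomainsModelImpl.getCircleOfTrustDescriptors", e);
    } catch (AMConsoleException e) {
        debug.warning("FSAuthDomainsModelImpl.getCircleOfTrustDescriptors", e);
    }
    return descriptors;
}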
use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.
Class FSAuthDomainsModelImpl, method createAuthenticationDomain:
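/**
 * Creates an authentication domain (circle of trust) from console form values.
 *
 * @param attrValues map of attribute name to set of values. Keys read:
 *        {@code SINGLE_CHOICE_REALM}, {@code SINGLE_CHOICE_STATUS},
 *        {@code TF_NAME}, {@code TF_DESCRIPTION} and the IDFF/SAML2
 *        reader/writer service URL keys.
 * @param providers trusted providers recorded on the new descriptor.
 * @throws AMConsoleException if the name is missing or blank, or if the
 *         circle-of-trust manager rejects the creation; in the latter case the
 *         COTException's message is carried over (the cause itself is not
 *         attached, so the stack trace is only in the logged event).
 */
public void createAuthenticationDomain(Map attrValues, Set providers) throws AMConsoleException {
    String realm = getSingleStringValue(attrValues, SINGLE_CHOICE_REALM);
    String status = getSingleStringValue(attrValues, SINGLE_CHOICE_STATUS);
    String name = getSingleStringValue(attrValues, TF_NAME);
    // An absent TF_NAME is reported like a blank one rather than surfacing as a
    // NullPointerException from trim().
    if (name == null || name.trim().length() == 0) {
        throw new AMConsoleException("authdomain.authentication.domain.name.missing.message");
    }
    String[] param = { name };
    logEvent("ATTEMPT_CREATE_AUTH_DOMAIN", param);
    try {
        CircleOfTrustDescriptor descriptor = new CircleOfTrustDescriptor(name, realm, status);
        descriptor.setTrustedProviders(providers);
        descriptor.setCircleOfTrustDescription(getSingleStringValue(attrValues, TF_DESCRIPTION));
        // NOTE(review): the service URLs are stored exactly as submitted. The
        // SAML2 reader URL is later handed to SAML2Utils.getRedirectURL and used
        // as a browser redirect target by the IDP proxy, so an administrator's
        // value is trusted as-is; if the console does not validate it elsewhere,
        // an absolute-URL / https scheme check here would be worthwhile.
        descriptor.setIDFFReaderServiceURL(getSingleStringValue(attrValues, TF_IDFF_READER_SERVICE_URL));
        descriptor.setIDFFWriterServiceURL(getSingleStringValue(attrValues, TF_IDFF_WRITER_SERVICE_URL));
        descriptor.setSAML2ReaderServiceURL(getSingleStringValue(attrValues, TF_SAML2_READER_SERVICE_URL));
        descriptor.setSAML2WriterServiceURL(getSingleStringValue(attrValues, TF_SAML2_WRITER_SERVICE_URL));
        CircleOfTrustManager manager = getCircleOfTrustManager();
        manager.createCircleOfTrust(realm, descriptor);
        logEvent("SUCCEED_CREATE_AUTH_DOMAIN", param);
    } catch (COTException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { name, strError };
        logEvent("FEDERATION_EXCEPTION_CREATE_AUTH_DOMAIN", paramsEx);
        throw new AMConsoleException(strError);
    }
}

/**
 * Reads the single string stored under {@code key} in a console form map.
 *
 * @param attrValues map of attribute name to set of values.
 * @param key attribute name.
 * @return the value AMAdminUtils.getValue picks from that set (null when absent,
 *         as far as that helper returns null for an empty/missing set).
 */
private static String getSingleStringValue(Map attrValues, String key) {
    return (String) AMAdminUtils.getValue((Set) attrValues.get(key));
}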
use of com.sun.identity.cot.CircleOfTrustDescriptor in project OpenAM by OpenRock.
Class SAML2IDPProxyFRImpl, method getPreferredIDP:
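/**
 * Returns a list of preferred IDP providerIDs.
 *
 * Selection strategy, in order:
 * <ol>
 * <li>Neither the introduction cookie nor an IDP finder is enabled: the SP's
 *     static {@code IDP_PROXY_LIST} is used. A single entry is returned as is;
 *     with several entries the user is redirected to the IDP finder page and the
 *     returned list holds the generated request ID instead.</li>
 * <li>An IDP finder is enabled (for this SP, or for all SPs): the user is
 *     redirected to the finder page with the list built by {@code idpList()};
 *     again the returned list holds the request ID.</li>
 * <li>Otherwise (introduction cookie): the user is redirected to the SAML2
 *     reader service URL of the SP's first configured circle of trust, the
 *     request ID is registered in {@code SPCache.reqParamHash}, and that ID is
 *     returned.</li>
 * </ol>
 * Every failure path inside the {@code try} is logged and turned into a
 * {@code null} return, which the caller treats as "do not proxy".
 *
 * Side effects: assigns the instance fields {@code spSSODescriptor},
 * {@code relayState} and {@code binding} from the current request, may commit
 * a redirect on {@code response}, and may add entries to the session cache /
 * {@code SPCache.reqParamHash}.
 * NOTE(review): those fields carry per-request data. If one instance of this
 * plugin serves concurrent requests (the usual pattern for proxy plugins --
 * confirm how it is instantiated), one user's relay state and binding can leak
 * into another user's flow; request-scoped locals would be safer.
 *
 * @param authnRequest original authnrequest
 * @param hostProviderID ProxyIDP providerID.
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @return a list of providerID's of the authenticating providers to be
 *         proxied (or a single generated request ID when the user was
 *         redirected to a chooser), or <code>null</code> to disable the
 *         proxying and continue for the local authenticating provider.
 * @exception SAML2Exception only from the {@code isIDPFinderForAllSPs} call
 *            that precedes the {@code try}; everything after it is caught and
 *            converted to a {@code null} return.
 */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String methodName = "getPreferredIDP";
    String classMethod = className + methodName + ":";
    debugMessage(methodName, "Entering.");
    Boolean isIdpFinderForAllSPsEnabled = isIDPFinderForAllSPs(realm, hostProviderID);
    try {
        // Metadata manager for the realm's SAML2 configuration. (The former
        // null check on a freshly constructed object was unreachable.)
        SAML2MetaManager sm = new SAML2MetaManager();
        String spEntityID = authnRequest.getIssuer().getValue();
        // Remote SP's SSO descriptor; a metadata failure is logged and leaves
        // the field null so later steps can notice.
        try {
            spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, spEntityID);
        } catch (SAML2MetaException sme) {
            SAML2Utils.debug.error(classMethod, sme);
            spSSODescriptor = null;
        }
        // Relay state and binding of the incoming request, kept for the proxy
        // leg that follows this selection.
        relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        binding = SAML2Constants.HTTP_REDIRECT;
        if (request.getMethod().equals("POST")) {
            binding = SAML2Constants.HTTP_POST;
        }
        // Local (extended) configuration of the remote SP, if it has one.
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, spEntityID);
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        // Does the SP's local config ask for the introduction cookie, or for
        // the IDP finder? Absent parameters count as "false".
        boolean isIntroductionForProxyingEnabled = isParamTrue(SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY));
        boolean isIdPFinderEnabled = isParamTrue(SPSSOFederate.getParameter(spConfigAttrsMap, IDP_FINDER_ENABLED_IN_SP));
        String idpFinderJSP = getIDPFinderJSP(realm, hostProviderID);
        // providerIDs is what this method hands back on the success paths.
        List providerIDs = new ArrayList();
        if (!isIntroductionForProxyingEnabled && !isIdPFinderEnabled && !isIdpFinderForAllSPsEnabled) {
            // Strategy 1: static proxy list from the SP's extended metadata.
            debugMessage(methodName, " idpFinder wil use the static list of the SP");
            List<String> proxyIDPs = null;
            if (spConfigAttrsMap != null && !spConfigAttrsMap.isEmpty()) {
                proxyIDPs = (List<String>) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            debugMessage(methodName, " List from the configuration: " + proxyIDPs);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                // Attributed to this class/method; the old text named a different class.
                SAML2Utils.debug.error(classMethod + "Preferred IDPs are null.");
                return null;
            }
            if (proxyIDPs.size() > 1) {
                // More than one candidate: let the user choose on the finder page.
                String idpListSt = selectIDPBasedOnLOA(proxyIDPs, realm, authnRequest);
                String idpFinder = getRedirect(request, idpFinderJSP);
                String requestID = SAML2Utils.generateID();
                // Persist the request and session parameters under requestID so
                // the finder implementation can pick them up.
                storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
                debugMessage(methodName, ": Redirect url = " + idpFinder);
                response.sendRedirect(idpFinder);
                // Non-null result signals "redirected" to the caller.
                providerIDs.add(requestID);
                debugMessage(methodName, " Redirected successfully");
                return providerIDs;
            }
            providerIDs.add(proxyIDPs.get(0));
            return providerIDs;
        }
        if (!isIntroductionForProxyingEnabled && (isIdPFinderEnabled || isIdpFinderForAllSPsEnabled)) {
            // Strategy 2: IDP finder page with the list computed by idpList().
            debugMessage(methodName, "SP wants to use IdP Finder");
            String idpListSt = idpList(authnRequest, realm);
            if (idpListSt.trim().isEmpty()) {
                return null;
            }
            String idpFinder = getRedirect(request, idpFinderJSP);
            String requestID = SAML2Utils.generateID();
            storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
            debugMessage(methodName, ": Redirect url = " + idpFinder);
            response.sendRedirect(idpFinder);
            providerIDs.add(requestID);
            debugMessage(methodName, " Redirected successfully");
            return providerIDs;
        }
        // Strategy 3: introduction cookie via the COT's SAML2 reader service.
        // Missing local SP configuration or an empty cotlist used to surface as
        // a NullPointerException / NoSuchElementException swallowed by the
        // catch-all below; report them explicitly instead.
        if (spConfigAttrsMap == null) {
            SAML2Utils.debug.error(classMethod + "No local SP configuration; cannot resolve cotlist for introduction");
            return null;
        }
        List cotList = (List) spConfigAttrsMap.get("cotlist");
        if (cotList == null || cotList.isEmpty()) {
            SAML2Utils.debug.error(classMethod + "SP has no cotlist configured; cannot use introduction");
            return null;
        }
        // Only the first circle of trust is consulted.
        String cotListStr = (String) cotList.iterator().next();
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
        if (cotDesc == null) {
            SAML2Utils.debug.error(classMethod + "Circle of trust not found: " + cotListStr);
            return null;
        }
        String readerURL = cotDesc.getSAML2ReaderServiceURL();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
        }
        if (readerURL != null && (!readerURL.equals(""))) {
            String rID = SAML2Utils.generateID();
            String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
            if (SAML2Utils.debug.messageEnabled()) {
                // Guarded by messageEnabled(), so log at message level (it was
                // logged at error level before).
                SAML2Utils.debug.message(classMethod + "Redirect url = " + redirectURL);
            }
            if (redirectURL != null) {
                // Register rID before committing the redirect so the return leg
                // from the reader service cannot arrive ahead of the cache entry.
                // (If sendRedirect throws, the empty entry is left behind.)
                Map aMap = new HashMap();
                SPCache.reqParamHash.put(rID, aMap);
                response.sendRedirect(redirectURL);
                providerIDs.add(rID);
                return providerIDs;
            }
        }
        return null;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
        return null;
    } catch (Exception e) {
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}

/**
 * Interprets an optional SP configuration parameter as a boolean flag.
 *
 * @param value parameter value, possibly {@code null}.
 * @return {@code true} only when the value is present and equals "true"
 *         ignoring case.
 */
private static boolean isParamTrue(String value) {
    return value != null && value.equalsIgnoreCase("true");
}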