
Example 11 with CircleOfTrustManager

use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.

From class FSAuthDomainsModelImpl, method deleteAuthenticationDomain.

/**
 * Deletes an authentication domain (circle of trust) within a given realm.
 *
 * <p>The attempt, the outcome and any failure are recorded through
 * {@code logEvent}. On failure the localized error text is both written to
 * the log and carried in the thrown {@link AMConsoleException}.
 *
 * @param realm name of realm where authentication domain exists.
 * @param cotName name of the authentication domain.
 * @throws AMConsoleException if authentication domain cannot be deleted.
 */
public void deleteAuthenticationDomain(String realm, String cotName) throws AMConsoleException {
    String[] auditParams = { realm, cotName };
    logEvent("ATTEMPT_DELETE_AUTH_DOMAINS", auditParams);
    try {
        CircleOfTrustManager cotManager = getCircleOfTrustManager();
        cotManager.deleteCircleOfTrust(realm, cotName);
    } catch (COTException ex) {
        String message = getErrorString(ex);
        logEvent("FEDERATION_EXCEPTION_DELETE_AUTH_DOMAIN", new String[] { realm, cotName, message });
        throw new AMConsoleException(message);
    }
    // Only reached when the delete call returned normally.
    logEvent("SUCCEED_DELETE_AUTH_DOMAIN", auditParams);
}

Example 12 with CircleOfTrustManager

use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.

From class FSPostLogin, method doConsentToIntro.

/**
 * Returns the Introduction Writer URL.
 *
 * <p>Resolves the hosted entity ID and realm from {@code metaAlias} when they
 * are not yet cached on this instance, then looks up the selected circle of
 * trust. When that circle is active and exposes an IDFF writer service URL,
 * the result points at the writer service with {@code targetURL} and the
 * entity ID carried as URL-encoded query parameters. In every other case
 * (inactive circle, no writer URL, unknown entity ID, or a metadata/COT
 * lookup failure, which is logged) {@code targetURL} is returned unchanged.
 *
 * @param metaAlias the provider alias.
 * @param targetURL the url the writer servlet will redirect to.
 * @param cotSelected the name of the Circle of Trust.
 * @return the writer url.
 * @exception FSPostLoginException on error.
 */
private String doConsentToIntro(String metaAlias, String targetURL, String cotSelected) throws FSPostLoginException {
    String writerURL = null;
    try {
        // Lazily fill the instance-level entity ID and realm from the alias.
        if (entityID == null && metaManager != null) {
            entityID = metaManager.getEntityIDByMetaAlias(metaAlias);
        }
        if (realm == null) {
            realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        }
        CircleOfTrustDescriptor descriptor = new CircleOfTrustManager().getCircleOfTrust(realm, cotSelected);
        if (descriptor != null
                && descriptor.getCircleOfTrustStatus().equalsIgnoreCase(IFSConstants.ACTIVE)) {
            writerURL = descriptor.getIDFFWriterServiceURL();
        }
    } catch (IDFFMetaException metaExp) {
        FSUtils.debug.error("FSPostLogin::doConsentToIntro in cot managment expextion:", metaExp);
    } catch (COTException meta2Exp) {
        FSUtils.debug.error("FSPostLogin::doConsentToIntro in cot managment expextion:", meta2Exp);
    }

    String result;
    if (writerURL == null || entityID == null) {
        // Nothing to introduce: fall through to the caller's target.
        result = targetURL;
    } else {
        StringBuilder url = new StringBuilder(writerURL);
        url.append(IFSConstants.QUESTION_MARK)
           .append(IFSConstants.LRURL)
           .append(IFSConstants.EQUAL_TO)
           .append(URLEncDec.encode(targetURL))
           .append(IFSConstants.AMPERSAND)
           .append(IFSConstants.PROVIDER_ID_KEY)
           .append(IFSConstants.EQUAL_TO)
           .append(URLEncDec.encode(entityID));
        result = url.toString();
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::doConsentToIntro return url" + result);
    }
    return result;
}

Example 13 with CircleOfTrustManager

use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.

From class FSIDPFinderService, method getCommonDomainIDP.

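/**
 * Gets a preferred IDP from the common domain cookie.
 *
 * <p>If the common domain cookie already names a preferred IDP it is returned
 * at once. Otherwise the circles of trust configured for the hosted SP are
 * tried one at a time: the first active circle that exposes an IDFF reader
 * service URL is used to redirect the browser to that reader service, with an
 * IDP-finder return URL carrying {@code requestID}, {@code realm} and
 * {@code entityID}. The circles not yet tried are kept in
 * {@code requestCotSetMap} under {@code requestID} so that a later call for
 * the same request continues with the next one.
 *
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @param realm The realm under which the entity resides.
 * @param entityID Hosted entity ID.
 * @param requestID Original Authentication Request ID.
 * @return the preferred IDP entity ID, or {@code null} when none can be
 *     determined (no circles left, or the SP metadata could not be read).
 * @exception FSRedirectException for the redirection.
 *            IOException for any redirection failure.
 */
private String getCommonDomainIDP(HttpServletRequest request, HttpServletResponse response, String realm, String entityID, String requestID) throws FSRedirectException, IOException {
    String idpID = FSUtils.findPreferredIDP(realm, request);
    if (idpID != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:" + "Preferred IDP found from the common domain." + idpID);
        }
        // The request is finished; drop any circles still queued for it.
        requestCotSetMap.remove(requestID);
        return idpID;
    }
    Set tmpCotSet = (Set) requestCotSetMap.get(requestID);
    if (tmpCotSet == null) {
        // First call for this request: seed the set from the SP's COT list.
        try {
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            List cotList = null;
            if (metaManager != null) {
                BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
                cotList = IDFFMetaUtils.getAttributeValueFromConfig(spConfig, IFSConstants.COT_LIST);
            }
            if (cotList != null) {
                tmpCotSet = new HashSet(cotList);
            }
        } catch (IDFFMetaException ie) {
            FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:cannot get meta:", ie);
            return null;
        }
    }
    if (tmpCotSet == null || tmpCotSet.isEmpty()) {
        // Guarded like every other message-level log in this method.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP::No more Cots.");
        }
        requestCotSetMap.remove(requestID);
        return null;
    }
    // Publish the set once; it is mutated in place as circles are consumed,
    // so re-putting the same reference on every iteration was redundant.
    // NOTE(review): an entry is only removed when the set runs empty or an
    // IDP is found, so a flow abandoned mid-way leaves its entry behind —
    // confirm whether the map is bounded or expired elsewhere.
    requestCotSetMap.put(requestID, tmpCotSet);
    Iterator iter = tmpCotSet.iterator();
    while (iter.hasNext()) {
        String cotName = (String) iter.next();
        // Consume the circle before trying it so a retry never repeats it.
        iter.remove();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP: Trying Cot: " + cotName);
        }
        String readerServiceURL = null;
        try {
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotName);
            if (cotDesc != null && (cotDesc.getCircleOfTrustStatus()).equalsIgnoreCase(IFSConstants.ACTIVE)) {
                readerServiceURL = cotDesc.getIDFFReaderServiceURL();
            }
        } catch (COTException fe) {
            // Best effort: a broken circle is skipped and the next one is tried.
            FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:" + "Unable to retrieve reader service url.", fe);
        }
        if (readerServiceURL != null) {
            String baseURL = FSServiceUtils.getBaseURL(request);
            // Return URL back into this finder; every dynamic value is URL-encoded.
            StringBuilder returnURL = new StringBuilder(300);
            returnURL.append(baseURL).append(IFSConstants.IDP_FINDER_URL).append("?").append("RequestID").append("=").append(URLEncDec.encode(requestID)).append("&").append("Realm=").append(URLEncDec.encode(realm)).append("&").append("ProviderID=").append(URLEncDec.encode(entityID));
            StringBuilder redirectURL = new StringBuilder(300);
            redirectURL.append(readerServiceURL).append("?").append(IFSConstants.LRURL).append("=").append(URLEncDec.encode(returnURL.toString()));
            String url = redirectURL.toString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:Redirection URL:" + url);
            }
            // sendRedirect sets the Location header itself; the explicit
            // setHeader("Location", ...) that preceded it was redundant.
            response.sendRedirect(url);
            throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
        }
    }
    return null;
}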

Example 14 with CircleOfTrustManager

use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.

From class SAML2IDPProxyImpl, method getPreferredIDP.

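/**
 * Returns a list of preferred IDP providerIDs.
 *
 * <p>Without the "use introduction for IDP proxy" SP setting, the first entry
 * of the SP's configured IDP proxy list is returned. With it, the SP's first
 * circle of trust is looked up and, when it has a SAMLv2 reader service URL,
 * the browser is redirected to that reader service; the generated request ID
 * is registered in {@code SPCache.reqParamHash} and returned as the single
 * list entry. Any failure is logged and reported as {@code null}.
 *
 * @param authnRequest original authnrequest
 * @param hostProviderID ProxyIDP providerID.
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @return a list of providerID's of the authenticating providers to be
 *     proxied or <code>null</code> to disable the proxying and continue
 *     for the localauthenticating provider.
 * @exception SAML2Exception if error occurs.
 */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String classMethod = "SAML2IDPProxyImpl.getPreferredIDP:";
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "Init.");
    }
    try {
        // Retrieve metadata. (A null check on a freshly constructed manager
        // can never fire, so it was dropped as dead code.)
        SAML2MetaManager sm = new SAML2MetaManager();
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY);
        List providerIDs = new ArrayList();
        if (useIntroductionForProxying == null || !useIntroductionForProxying.equals("true")) {
            List proxyIDPs = null;
            if ((spConfigAttrsMap != null) && (!spConfigAttrsMap.isEmpty())) {
                proxyIDPs = (List) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                SAML2Utils.debug.error("SAML2IDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            providerIDs.add(proxyIDPs.iterator().next());
            return providerIDs;
        }
        /* IDP Proxy with introduction cookie case */
        // Explicit guards replace the former NullPointerException /
        // NoSuchElementException that only the catch-all below would have
        // reported, so the log now names the actual configuration gap.
        if (spConfigAttrsMap == null) {
            SAML2Utils.debug.error(classMethod + "SP configuration attributes are null.");
            return null;
        }
        List cotList = (List) spConfigAttrsMap.get("cotlist");
        if (cotList == null || cotList.isEmpty()) {
            SAML2Utils.debug.error(classMethod + "SP has no circle of trust configured.");
            return null;
        }
        String cotListStr = (String) cotList.iterator().next();
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
        if (cotDesc == null) {
            SAML2Utils.debug.error(classMethod + "Circle of trust not found: " + cotListStr);
            return null;
        }
        String readerURL = cotDesc.getSAML2ReaderServiceURL();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
        }
        if (readerURL != null && (!readerURL.equals(""))) {
            String rID = SAML2Utils.generateID();
            String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
            if (SAML2Utils.debug.messageEnabled()) {
                // Diagnostic output under a message-level guard belongs at
                // message level, not error level.
                SAML2Utils.debug.message(classMethod + "Redirect url = " + redirectURL);
            }
            if (redirectURL != null) {
                response.sendRedirect(redirectURL);
                Map aMap = new HashMap();
                SPCache.reqParamHash.put(rID, aMap);
                providerIDs.add(rID);
                return providerIDs;
            }
        }
        return null;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
        return null;
    } catch (Exception e) {
        // Boundary catch-all kept from the original: proxying is disabled
        // rather than failing the whole authentication request.
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}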

Example 15 with CircleOfTrustManager

use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.

From class GetCircleOfTrusts, method execute.

/**
 * Returns Circle of trust of a given realm or extended metadata.
 *
 * <p>The realm is taken from {@code P_REALM}, or, when absent, derived from
 * the extended metadata supplied in {@code P_EXTENDED_DATA}. The result is
 * the names of that realm's circles of trust, each URI-component encoded and
 * joined with {@code |}; an empty string when the realm has none.
 *
 * @param locale Locale of the request.
 * @param params Map of creation parameters.
 * @return the {@code |}-separated, encoded circle-of-trust names.
 * @throws WorkflowException if no realm can be determined, or the circles of
 *     trust of the realm cannot be read.
 */
public String execute(Locale locale, Map params) throws WorkflowException {
    String realm = getString(params, ParameterKeys.P_REALM);
    if (realm == null) {
        String extendedMetaData = getString(params, ParameterKeys.P_EXTENDED_DATA);
        if (extendedMetaData != null) {
            realm = getRealmFromExtData(getContent(extendedMetaData, locale));
        }
    }
    if (realm == null) {
        throw new WorkflowException("invalid-metaalias-slash", null);
    }
    try {
        Set cotNames = new CircleOfTrustManager().getAllCirclesOfTrust(realm);
        if (cotNames == null || cotNames.isEmpty()) {
            return "";
        }
        StringBuilder joined = new StringBuilder();
        String separator = "";
        Iterator names = cotNames.iterator();
        while (names.hasNext()) {
            String name = (String) names.next();
            joined.append(separator);
            // Separator is empty for the first name only.
            separator = "|";
            try {
                joined.append(StringUtils.encodeURIComponent(name, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                // UTF-8 is always available; fall back to the raw name regardless.
                joined.append(name);
            }
        }
        return joined.toString();
    } catch (COTException e) {
        throw new WorkflowException("invalid-extended-data-cot", null);
    }
}
