use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.
the class SAML2IDPProxyFRImpl method getPreferredIDP.
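/**
 * Returns a list of preferred IDP providerIDs for a proxied authentication request.
 * <p>
 * The selection strategy is driven by the remote SP's local (extended) configuration and
 * by the hosted proxy's own settings:
 * <ol>
 *   <li>Static list (default): the SP's {@code IDP_PROXY_LIST} attribute. A single entry is
 *       returned directly; with several entries the user is redirected to the IdP Finder page
 *       to choose one (the list is first passed through {@code selectIDPBasedOnLOA}).</li>
 *   <li>IdP Finder, enabled for this SP or for all SPs: the user is redirected to the IdP
 *       Finder page with the list produced by {@code idpList}.</li>
 *   <li>Introduction cookie: the user is redirected to the SAMLv2 reader service URL of the
 *       SP's first circle of trust.</li>
 * </ol>
 * Whenever a redirect has been sent, the returned list contains the generated request ID
 * instead of a provider ID, so the caller must stop processing the current request.
 * <p>
 * Security notes:
 * <ul>
 *   <li>All failures, including unexpected runtime exceptions, are logged and turned into a
 *       {@code null} return, which the caller interprets as "disable proxying and authenticate
 *       locally". Misconfiguration therefore fails open to local authentication at the proxy
 *       instead of rejecting the request.</li>
 *   <li>The {@code RelayState} request parameter is copied verbatim into the {@code relayState}
 *       field; it is not validated here, so whatever later redirects to it must apply the
 *       relay-state URL allow-list check.</li>
 *   <li>The instance fields {@code spSSODescriptor}, {@code relayState} and {@code binding} are
 *       overwritten on every call. NOTE(review): if one instance of this class serves concurrent
 *       requests these values can interleave between requests; confirm how it is scoped.</li>
 * </ul>
 *
 * @param authnRequest original authnrequest
 * @param hostProviderID ProxyIDP providerID.
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @return a list of providerID's of the authenticating providers to be
 * proxied or <code>null</code> to disable the proxying and continue
 * for the localauthenticating provider.
 * @exception SAML2Exception if error occurs.
 */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm,
        HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String methodName = "getPreferredIDP";
    String classMethod = className + methodName + ":";
    debugMessage(methodName, "Entering.");
    // A missing (null) answer counts as "not enabled" instead of unboxing to an NPE.
    boolean idpFinderForAllSPs = Boolean.TRUE.equals(isIDPFinderForAllSPs(realm, hostProviderID));
    try {
        SAML2MetaManager sm = new SAML2MetaManager();

        // The requesting SP is identified by the AuthnRequest issuer; without it nothing
        // below can be looked up, so proxying is disabled for this request.
        String spEntityID = (authnRequest.getIssuer() == null) ? null : authnRequest.getIssuer().getValue();
        if (spEntityID == null) {
            SAML2Utils.debug.error(classMethod + "AuthnRequest has no Issuer; cannot determine proxy IdPs.");
            return null;
        }

        // Remote SP metadata (standard descriptor); a metadata failure is not fatal here.
        try {
            spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, spEntityID);
        } catch (SAML2MetaException sme) {
            SAML2Utils.debug.error(classMethod, sme);
            spSSODescriptor = null;
        }

        // Remember RelayState (unvalidated here, see the security notes) and the inbound binding.
        relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        binding = "POST".equals(request.getMethod()) ? SAML2Constants.HTTP_POST : SAML2Constants.HTTP_REDIRECT;

        // Local (extended) configuration of the remote SP.
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, spEntityID);
        Map spConfigAttrsMap = (spEntityCfg == null) ? null : SAML2MetaUtils.getAttributes(spEntityCfg);

        // "true".equalsIgnoreCase(null) is false, so an absent attribute means "disabled".
        boolean useIntroduction = "true".equalsIgnoreCase(
                SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY));
        boolean useIdpFinder = "true".equalsIgnoreCase(
                SPSSOFederate.getParameter(spConfigAttrsMap, IDP_FINDER_ENABLED_IN_SP));
        String idpFinderJSP = getIDPFinderJSP(realm, hostProviderID);

        // providerIDs is what this method hands back: provider IDs, or a request ID after a redirect.
        List providerIDs = new ArrayList();

        // 1. Static proxy list from the SP's extended metadata.
        if (!useIntroduction && !useIdpFinder && !idpFinderForAllSPs) {
            debugMessage(methodName, " idpFinder wil use the static list of the SP");
            List<String> proxyIDPs = null;
            if (spConfigAttrsMap != null && !spConfigAttrsMap.isEmpty()) {
                proxyIDPs = (List<String>) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            debugMessage(methodName, " List from the configuration: " + proxyIDPs);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                SAML2Utils.debug.error(classMethod + "Preferred IDPs are null.");
                return null;
            }
            if (proxyIDPs.size() == 1) {
                providerIDs.add(proxyIDPs.get(0));
                return providerIDs;
            }
            // Several candidates: let the user choose on the IdP Finder page.
            String idpListSt = selectIDPBasedOnLOA(proxyIDPs, realm, authnRequest);
            String idpFinder = getRedirect(request, idpFinderJSP);
            String requestID = SAML2Utils.generateID();
            // Persist the request state under requestID so the finder implementation can resume it.
            storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
            debugMessage(methodName, ": Redirect url = " + idpFinder);
            response.sendRedirect(idpFinder);
            providerIDs.add(requestID);
            debugMessage(methodName, " Redirected successfully");
            return providerIDs;
        }

        // 2. IdP Finder (per-SP or for all SPs) without the introduction cookie.
        if (!useIntroduction) {
            debugMessage(methodName, "SP wants to use IdP Finder");
            String idpListSt = idpList(authnRequest, realm);
            if (idpListSt == null || idpListSt.trim().isEmpty()) {
                // Nothing to choose from: disable proxying for this request.
                return null;
            }
            String idpFinder = getRedirect(request, idpFinderJSP);
            String requestID = SAML2Utils.generateID();
            // Persist the request state under requestID so the finder implementation can resume it.
            storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
            debugMessage(methodName, ": Redirect url = " + idpFinder);
            response.sendRedirect(idpFinder);
            providerIDs.add(requestID);
            debugMessage(methodName, " Redirected successfully");
            return providerIDs;
        }

        // 3. Introduction cookie: redirect to the SAMLv2 reader service of the SP's first COT.
        // Each lookup is checked explicitly; previously a missing value surfaced as an NPE
        // that the catch-all below turned into a silent fall-back to local authentication.
        if (spConfigAttrsMap == null) {
            SAML2Utils.debug.error(classMethod + "No extended metadata for SP " + spEntityID
                    + "; cannot resolve its circle of trust.");
            return null;
        }
        List cotList = (List) spConfigAttrsMap.get("cotlist");
        if (cotList == null || cotList.isEmpty()) {
            SAML2Utils.debug.error(classMethod + "SP " + spEntityID + " is not a member of any circle of trust.");
            return null;
        }
        String cotName = (String) cotList.iterator().next();
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotName);
        if (cotDesc == null) {
            SAML2Utils.debug.error(classMethod + "Circle of trust " + cotName + " not found in realm " + realm);
            return null;
        }
        String readerURL = cotDesc.getSAML2ReaderServiceURL();
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "SAMLv2 idpdiscovery reader URL = " + readerURL);
        }
        if (readerURL == null || readerURL.isEmpty()) {
            return null;
        }
        String rID = SAML2Utils.generateID();
        String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
        if (SAML2Utils.debug.messageEnabled()) {
            // Diagnostic output, not a failure: log at message level (was error).
            SAML2Utils.debug.message(classMethod + "Redirect url = " + redirectURL);
        }
        if (redirectURL == null) {
            return null;
        }
        // Register rID before committing the redirect so the reader service's follow-up
        // request can never race ahead of the cache entry it will look up.
        SPCache.reqParamHash.put(rID, new HashMap());
        response.sendRedirect(redirectURL);
        providerIDs.add(rID);
        return providerIDs;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
        return null;
    } catch (Exception e) {
        // Fail-open by design of the contract: null means "proxy disabled, authenticate locally".
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}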
use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.
the class ConfigFedMonitoring method getAllRealms.
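/**
 * Walks every realm returned by {@code getRealmsList(startRealm)} and pushes each realm's
 * federation configuration (circles of trust, WS-Federation and ID-FF entities, and COT
 * membership) to the monitoring {@link Agent}.
 * <p>
 * SAMLv2 entities are deliberately skipped: {@code skipSAML2Entities} is hard-coded to
 * {@code true} until per-realm IdP/SP instrumentation exists, so {@code s2Ents} is always
 * {@code null}. The SAML2 manager is still created so the call site is ready when the flag
 * is flipped.
 * <p>
 * The catch blocks sit outside the loop, so a metadata or COT failure on one realm aborts
 * the remaining realms; the failure is logged together with its cause so the stack trace
 * reaches the debug log (previously only the message was kept).
 *
 * @param startRealm the realm at which the traversal starts
 */
private void getAllRealms(String startRealm) {
    String classMethod = "ConfigFedMonitoring.getAllRealms: ";
    // until IDPs/SPs per realm instrum
    boolean skipSAML2Entities = true;
    List rList = getRealmsList(startRealm);
    try {
        CircleOfTrustManager cotmgr = new CircleOfTrustManager();
        SAML2MetaManager saml2Mgr = new SAML2MetaManager();
        IDFFMetaManager idffmgr = new IDFFMetaManager(ssoToken);
        for (Object realmObj : rList) {
            String thisRealm = (String) realmObj;
            Set cots = getCOTs(thisRealm, cotmgr);
            Map s2Ents = skipSAML2Entities ? null : getSAML2Entities(thisRealm, saml2Mgr);
            Map wsEnts = getWSFedEntities(thisRealm);
            Map idffentMap = getIDFFEntities(thisRealm, idffmgr);
            // COT members are collected even though no MIB entry consumes them yet.
            Map membMap = getCOTMembers(thisRealm, cots, cotmgr);
            SSOServerRealmFedInfo srfi = new SSOServerRealmFedInfo.SSOServerRealmFedInfoBuilder(thisRealm)
                    .cots(cots)
                    .samlv2Entities(s2Ents)
                    .wsEntities(wsEnts)
                    .idffEntities(idffentMap)
                    .membEntities(membMap)
                    .build();
            Agent.federationConfig(srfi);
        }
    } catch (SAML2MetaException e) {
        debug.error(classMethod + "SAML2 ex: " + e.getMessage(), e);
    } catch (COTException e) {
        debug.error(classMethod + "COT ex: " + e.getMessage(), e);
    } catch (IDFFMetaException e) {
        debug.error(classMethod + "IDFF ex: " + e.getMessage(), e);
    }
}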
use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.
the class FSLoginHelper method getTLDURL.
/**
 * Looks up the ID-FF reader service URL of the first circle of trust in {@code cotList}
 * whose status is {@code IFSConstants.ACTIVE}.
 * <p>
 * Reads the instance fields {@code cotList} and {@code realm}. When several COTs are
 * configured they are checked in iteration order and the first active one wins. Any
 * {@link COTException} or other exception during the lookup is logged and results in a
 * {@code null} return, as does an empty/missing COT set or the absence of an active COT.
 * (NOTE(review): "TLD" is the method's historical name; the value returned is the COT's
 * IDFF reader service URL.)
 *
 * @return the reader service URL of the first active COT, or {@code null}
 */
private String getTLDURL() {
    String readerServiceURL = null;
    FSUtils.debug.message("FSLoginHelper.getTLDURL() :: called");
    try {
        boolean haveCOTs = (cotList != null) && !cotList.isEmpty();
        if (!haveCOTs) {
            FSUtils.debug.error("FSLoginHelper::getTLDURL():" + "Received COT Set is Invalid");
        } else {
            if (cotList.size() > 1) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSLoginHelper::getTLDURL() " + "Multiple COTs found will do polling ");
                }
            } else {
                FSUtils.debug.message("FSLoginHelper::getTLDURL() Single COT found");
            }
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            for (Object cotNameObj : cotList) {
                CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, (String) cotNameObj);
                if (cotDesc == null) {
                    continue;
                }
                boolean isActive = cotDesc.getCircleOfTrustStatus().equalsIgnoreCase(IFSConstants.ACTIVE);
                if (!isActive) {
                    continue;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSLoginHelper::getTLDURL " + "found a active cot with cotid : " + cotDesc.getCircleOfTrustName());
                }
                // First active COT decides the URL.
                readerServiceURL = cotDesc.getIDFFReaderServiceURL();
                break;
            }
        }
    } catch (COTException ame) {
        FSUtils.debug.error("FSLoginHelper.getTLDURL():" + "COTException:", ame);
    } catch (Exception exp) {
        FSUtils.debug.error("FSLoginHelper.getTLDURL():General Exception:", exp);
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSLoginHelper::getTLDURL().tldURL " + readerServiceURL);
    }
    return readerServiceURL;
}
use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.
the class SAML2Test method deleteCircleOfTrust.
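/**
 * Deletes the test circle of trust through the {@code delete-cot} CLI command and
 * verifies that it is gone.
 * <p>
 * The verification is the {@code expectedExceptions} contract: once the request queue
 * has been serviced, {@link CircleOfTrustManager#getCircleOfTrust} for {@code NAME_COT}
 * must throw {@link COTException}; if it returns normally the COT still exists and the
 * test fails. The queue is serviced exactly once, inside the try/finally, so a CLI
 * failure no longer skips {@code exiting} (the original serviced the queue twice, the
 * first time outside the try).
 *
 * @throws CLIException if the CLI request fails
 * @throws COTException expected: the COT no longer exists after deletion
 * @throws SAML2MetaException declared for symmetry with the other SAMLv2 tests
 */
@Test(groups = { "samlv2" }, dependsOnMethods = { "removeProviderFromCircleOfTrust" }, expectedExceptions = { COTException.class })
public void deleteCircleOfTrust() throws CLIException, COTException, SAML2MetaException {
    entering("deleteCircleOfTrust", null);
    String[] args = { "delete-cot", CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_COT, NAME_COT };
    CLIRequest req = new CLIRequest(null, args, getAdminSSOToken());
    cmdManager.addToRequestQueue(req);
    try {
        cmdManager.serviceRequestQueue();
        // Must throw COTException now that the COT has been deleted.
        new CircleOfTrustManager().getCircleOfTrust("/", NAME_COT);
    } finally {
        exiting("deleteCircleOfTrust");
    }
}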
use of com.sun.identity.cot.CircleOfTrustManager in project OpenAM by OpenRock.
the class SAML2Test method createCircleOfTrust.
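/**
 * Creates the test circle of trust through the {@code create-cot} CLI command and checks
 * that it can be read back from the root realm.
 * <p>
 * The check throws {@link AssertionError} explicitly instead of using the {@code assert}
 * keyword, which is a no-op unless the JVM runs with {@code -ea}; with the keyword a
 * failed creation could go unnoticed and only surface in the tests that depend on this one.
 *
 * @throws CLIException if the CLI request fails
 * @throws COTException if the COT lookup fails
 * @throws SAML2MetaException declared for symmetry with the other SAMLv2 tests
 */
@Test(groups = { "samlv2" })
public void createCircleOfTrust() throws CLIException, COTException, SAML2MetaException {
    entering("createCircleOfTrust", null);
    String[] args = { "create-cot", CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_COT, NAME_COT };
    CLIRequest req = new CLIRequest(null, args, getAdminSSOToken());
    cmdManager.addToRequestQueue(req);
    try {
        cmdManager.serviceRequestQueue();
        CircleOfTrustDescriptor objCircleOfTrust = new CircleOfTrustManager().getCircleOfTrust("/", NAME_COT);
        if (objCircleOfTrust == null) {
            throw new AssertionError("create-cot did not create circle of trust " + NAME_COT);
        }
    } finally {
        exiting("createCircleOfTrust");
    }
}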