Example 11 with FSAccountFedInfoKey
use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.
the class FSFedTerminationHandler method setUserID.
/**
* Finds the user based on the termination request received from a remote
* provider.
* @param reqTermination the termination request
* @return <code>true</code> if the user is found; <code>false</code>
* otherwise.
*/
public boolean setUserID(FSFederationTerminationNotification reqTermination) {
try {
// UserDN needs to be figured from termination request
String sourceProviderId = "";
if (managerInst != null) {
sourceProviderId = reqTermination.getProviderId();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("sourceProviderId : " + sourceProviderId);
}
String opaqueHandle = (reqTermination.getNameIdentifier()).getName().trim();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("processTerminationRequest Handle : " + opaqueHandle);
}
String associatedDomain = (reqTermination.getNameIdentifier().getNameQualifier()).trim();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Name Qualifier : " + associatedDomain);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Realm : " + realm);
}
String searchDomain = hostedEntityId;
if ((associatedDomain != null) && (associatedDomain.length() != 0) && (!sourceProviderId.equals(associatedDomain))) {
searchDomain = associatedDomain;
}
FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
Map env = new HashMap();
env.put(IFSConstants.FS_USER_PROVIDER_ENV_TERMINATION_KEY, reqTermination);
this.userID = managerInst.getUserID(acctkey, realm, env);
if (this.userID == null) {
acctkey = new FSAccountFedInfoKey(remoteEntityId, opaqueHandle);
this.userID = managerInst.getUserID(acctkey, realm, env);
if (this.userID == null) {
FSUtils.debug.message("UserID is null");
return false;
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("user id is " + userID);
}
return true;
}
} catch (FSAccountMgmtException e) {
FSUtils.debug.error("In FSAccountMgmtException :: ", e);
}
this.userID = null;
return false;
}
Also used :
HashMap(java.util.HashMap)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 12 with FSAccountFedInfoKey
use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method doAccountFederation.
protected FSAccountFedInfo doAccountFederation(Object ssoToken, FSAuthnRequest authnRequest, FSSession session) {
FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: Called");
String nameIDPolicy = authnRequest.getNameIDPolicy();
String affiliationID = authnRequest.getAffiliationID();
boolean isAffiliationFed = false;
if (affiliationID != null) {
try {
isAffiliationFed = metaManager.isAffiliateMember(realm, hostedEntityId, affiliationID);
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler.doAccount" + "Federation:Error in checking for the affiliation:", e);
}
}
}
try {
SessionProvider sessionProvider = SessionManager.getProvider();
String userID = sessionProvider.getPrincipalName(ssoToken);
FSAccountFedInfo existActInfo = null;
if (isAffiliationFed) {
existActInfo = accountManager.readAccountFedInfo(userID, affiliationID);
if (existActInfo != null && existActInfo.isFedStatusActive()) {
return existActInfo;
}
}
// Check if there is an existing fed info
String nameQualifier = authnRequest.getProviderId();
existActInfo = accountManager.readAccountFedInfo(userID, nameQualifier);
if (existActInfo != null && existActInfo.isFedStatusActive()) {
return existActInfo;
}
FSNameIdentifierHelper nameHelper = new FSNameIdentifierHelper(hostedConfig);
String opaqueHandle = nameHelper.createNameIdentifier();
if (opaqueHandle == null) {
FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: " + "Could not generate handle");
return null;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: " + "Generated handle: " + opaqueHandle);
}
if (isAffiliationFed) {
nameQualifier = affiliationID;
}
NameIdentifier ni = new NameIdentifier(opaqueHandle, nameQualifier);
if (authnRequest.getMinorVersion() == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
ni.setFormat(IFSConstants.NI_FEDERATED_FORMAT_URI);
} else {
ni.setFormat(IFSConstants.NI_ONETIME_FORMAT_URI);
}
}
FSAccountFedInfo accountInfo = new FSAccountFedInfo(authnRequest.getProviderId(), ni, null, false);
FSAccountFedInfoKey fedKey = null;
if (isAffiliationFed) {
fedKey = new FSAccountFedInfoKey(affiliationID, opaqueHandle);
accountInfo.setAffiliation(true);
} else {
fedKey = new FSAccountFedInfoKey(authnRequest.getProviderId(), opaqueHandle);
}
if (nameIDPolicy == null || !nameIDPolicy.equals("onetime")) {
accountManager.writeAccountFedInfo(userID, fedKey, accountInfo);
} else {
session.setOneTime(true);
session.setAccountFedInfo(accountInfo);
session.setUserID(userID);
}
return accountInfo;
} catch (Exception ex) {
FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: " + "Exception when doing account federation", ex);
return null;
}
}
Also used :
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSRedirectException(com.sun.identity.federation.common.FSRedirectException)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
FSNameIdentifierHelper(com.sun.identity.federation.services.util.FSNameIdentifierHelper)
Example 13 with FSAccountFedInfoKey
use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.
the class BulkFederation method idffFederateUser.
private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
SSOToken adminSSOToken = getAdminSSOToken();
try {
AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
String nameId = createNameIdentifier();
FSAccountFedInfoKey key = (isIDP) ? new FSAccountFedInfoKey(remoteEntityId, nameId) : new FSAccountFedInfoKey(localEntityId, nameId);
FSAccountFedInfo info = null;
if (isIDP) {
info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, true);
} else {
info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, true);
}
Map attributes = amid.getAttributes(idffUserAttributesFed);
Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
if ((setInfoKey == null) || setInfoKey.isEmpty()) {
setInfoKey = new HashSet(2);
attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
}
setInfoKey.add(FSAccountUtils.objectToKeyString(key));
Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
if ((setInfo == null) || setInfo.isEmpty()) {
setInfo = new HashSet(2);
attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
}
setInfo.add(FSAccountUtils.objectToInfoString(info));
amid.setAttributes(attributes);
amid.store();
out.write(remoteUserId + "|" + nameId);
out.newLine();
} catch (FSAccountMgmtException e) {
debugError("BulkFederation.idffFederateUser", e);
Object[] param = { localUserId };
throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SAMLException e) {
debugError("BulkFederation.idffFederateUser", e);
Object[] param = { localUserId };
throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IOException e) {
debugError("BulkFederation.idffFederateUser", e);
Object[] param = { localUserId };
throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
debugError("BulkFederation.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
} catch (SSOException e) {
debugError("BulkFederation.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
}
}
Also used :
SSOToken(com.iplanet.sso.SSOToken)
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
HashSet(java.util.HashSet)
Set(java.util.Set)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
IOException(java.io.IOException)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
SAMLException(com.sun.identity.saml.common.SAMLException)
IOutput(com.sun.identity.cli.IOutput)
AMIdentity(com.sun.identity.idm.AMIdentity)
CLIException(com.sun.identity.cli.CLIException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 14 with FSAccountFedInfoKey
use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.
the class ImportBulkFederationData method idffFederateUser.
private void idffFederateUser(String userId, String nameId) throws CLIException {
try {
AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
FSAccountFedInfoKey key = (!isIDP) ? new FSAccountFedInfoKey(localEntityId, nameId) : new FSAccountFedInfoKey(remoteEntityId, nameId);
FSAccountFedInfo info = null;
if (isIDP) {
info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, false);
} else {
info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, false);
}
Map attributes = amid.getAttributes(BulkFederation.idffUserAttributesFed);
Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
if ((setInfoKey == null) || setInfoKey.isEmpty()) {
setInfoKey = new HashSet(2);
attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
}
setInfoKey.add(FSAccountUtils.objectToKeyString(key));
Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
if ((setInfo == null) || setInfo.isEmpty()) {
setInfo = new HashSet(2);
attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
}
setInfo.add(FSAccountUtils.objectToInfoString(info));
amid.setAttributes(attributes);
amid.store();
} catch (FSAccountMgmtException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
Object[] param = { userId };
throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SAMLException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
Object[] param = { userId };
throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
} catch (SSOException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
}
}
Also used :
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
HashSet(java.util.HashSet)
Set(java.util.Set)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
SAMLException(com.sun.identity.saml.common.SAMLException)
IOutput(com.sun.identity.cli.IOutput)
AMIdentity(com.sun.identity.idm.AMIdentity)
CLIException(com.sun.identity.cli.CLIException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Aggregations
FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)14
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)12
HashMap (java.util.HashMap)10
Map (java.util.Map)10
FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)9
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)9
SAMLException (com.sun.identity.saml.common.SAMLException)7
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)6
FSAccountManager (com.sun.identity.federation.accountmgmt.FSAccountManager)5
IOException (java.io.IOException)5
FSException (com.sun.identity.federation.common.FSException)4
SessionException (com.sun.identity.plugin.session.SessionException)4
SessionProvider (com.sun.identity.plugin.session.SessionProvider)4
SSOException (com.iplanet.sso.SSOException)3
AMIdentity (com.sun.identity.idm.AMIdentity)3
IdRepoException (com.sun.identity.idm.IdRepoException)3
HashSet (java.util.HashSet)3
Set (java.util.Set)3
SSOToken (com.iplanet.sso.SSOToken)2
CLIException (com.sun.identity.cli.CLIException)2
