Example 11 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.

Class FSFedTerminationHandler, method setUserID.

/**
 * Finds the user based on the termination request received from a remote
 * provider.
 * @param reqTermination the termination request
 * @return <code>true</code> if the user is found; <code>false</code>
 *  otherwise.
 */
public boolean setUserID(FSFederationTerminationNotification reqTermination) {
    try {
        // UserDN needs to be figured from termination request
        String sourceProviderId = "";
        if (managerInst != null) {
            sourceProviderId = reqTermination.getProviderId();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("sourceProviderId : " + sourceProviderId);
            }
            String opaqueHandle = (reqTermination.getNameIdentifier()).getName().trim();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("processTerminationRequest Handle : " + opaqueHandle);
            }
            String associatedDomain = (reqTermination.getNameIdentifier().getNameQualifier()).trim();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Name Qualifier : " + associatedDomain);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Realm : " + realm);
            }
            String searchDomain = hostedEntityId;
            if ((associatedDomain != null) && (associatedDomain.length() != 0) && (!sourceProviderId.equals(associatedDomain))) {
                searchDomain = associatedDomain;
            }
            FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            Map env = new HashMap();
            env.put(IFSConstants.FS_USER_PROVIDER_ENV_TERMINATION_KEY, reqTermination);
            this.userID = managerInst.getUserID(acctkey, realm, env);
            if (this.userID == null) {
                acctkey = new FSAccountFedInfoKey(remoteEntityId, opaqueHandle);
                this.userID = managerInst.getUserID(acctkey, realm, env);
                if (this.userID == null) {
                    FSUtils.debug.message("UserID is null");
                    return false;
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("user id is " + userID);
            }
            return true;
        }
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("In FSAccountMgmtException :: ", e);
    }
    this.userID = null;
    return false;
}

Example 12 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.

Class FSSSOAndFedHandler, method doAccountFederation.

protected FSAccountFedInfo doAccountFederation(Object ssoToken, FSAuthnRequest authnRequest, FSSession session) {
    FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: Called");
    String nameIDPolicy = authnRequest.getNameIDPolicy();
    String affiliationID = authnRequest.getAffiliationID();
    boolean isAffiliationFed = false;
    if (affiliationID != null) {
        try {
            isAffiliationFed = metaManager.isAffiliateMember(realm, hostedEntityId, affiliationID);
        } catch (Exception e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doAccount" + "Federation:Error in checking for the affiliation:", e);
            }
        }
    }
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String userID = sessionProvider.getPrincipalName(ssoToken);
        FSAccountFedInfo existActInfo = null;
        if (isAffiliationFed) {
            existActInfo = accountManager.readAccountFedInfo(userID, affiliationID);
            if (existActInfo != null && existActInfo.isFedStatusActive()) {
                return existActInfo;
            }
        }
        // Check if there is an existing fed info
        String nameQualifier = authnRequest.getProviderId();
        existActInfo = accountManager.readAccountFedInfo(userID, nameQualifier);
        if (existActInfo != null && existActInfo.isFedStatusActive()) {
            return existActInfo;
        }
        FSNameIdentifierHelper nameHelper = new FSNameIdentifierHelper(hostedConfig);
        String opaqueHandle = nameHelper.createNameIdentifier();
        if (opaqueHandle == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: " + "Could not generate handle");
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: " + "Generated handle: " + opaqueHandle);
        }
        if (isAffiliationFed) {
            nameQualifier = affiliationID;
        }
        NameIdentifier ni = new NameIdentifier(opaqueHandle, nameQualifier);
        if (authnRequest.getMinorVersion() == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
            if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
                ni.setFormat(IFSConstants.NI_FEDERATED_FORMAT_URI);
            } else {
                ni.setFormat(IFSConstants.NI_ONETIME_FORMAT_URI);
            }
        }
        FSAccountFedInfo accountInfo = new FSAccountFedInfo(authnRequest.getProviderId(), ni, null, false);
        FSAccountFedInfoKey fedKey = null;
        if (isAffiliationFed) {
            fedKey = new FSAccountFedInfoKey(affiliationID, opaqueHandle);
            accountInfo.setAffiliation(true);
        } else {
            fedKey = new FSAccountFedInfoKey(authnRequest.getProviderId(), opaqueHandle);
        }
        if (nameIDPolicy == null || !nameIDPolicy.equals("onetime")) {
            accountManager.writeAccountFedInfo(userID, fedKey, accountInfo);
        } else {
            session.setOneTime(true);
            session.setAccountFedInfo(accountInfo);
            session.setUserID(userID);
        }
        return accountInfo;
    } catch (Exception ex) {
        FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: " + "Exception when doing account federation", ex);
        return null;
    }
}

Example 13 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.

Class BulkFederation, method idffFederateUser.

private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameId = createNameIdentifier();
        FSAccountFedInfoKey key = (isIDP) ? new FSAccountFedInfoKey(remoteEntityId, nameId) : new FSAccountFedInfoKey(localEntityId, nameId);
        FSAccountFedInfo info = null;
        if (isIDP) {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, true);
        } else {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, true);
        }
        Map attributes = amid.getAttributes(idffUserAttributesFed);
        Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((setInfoKey == null) || setInfoKey.isEmpty()) {
            setInfoKey = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
        }
        setInfoKey.add(FSAccountUtils.objectToKeyString(key));
        Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((setInfo == null) || setInfo.isEmpty()) {
            setInfo = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
        }
        setInfo.add(FSAccountUtils.objectToInfoString(info));
        amid.setAttributes(attributes);
        amid.store();
        out.write(remoteUserId + "|" + nameId);
        out.newLine();
    } catch (FSAccountMgmtException e) {
        debugError("BulkFederation.idffFederateUser", e);
        Object[] param = { localUserId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAMLException e) {
        debugError("BulkFederation.idffFederateUser", e);
        Object[] param = { localUserId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("BulkFederation.idffFederateUser", e);
        Object[] param = { localUserId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        debugError("BulkFederation.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("BulkFederation.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}

Example 14 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in project OpenAM by OpenRock.

Class ImportBulkFederationData, method idffFederateUser.

private void idffFederateUser(String userId, String nameId) throws CLIException {
    try {
        AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
        FSAccountFedInfoKey key = (!isIDP) ? new FSAccountFedInfoKey(localEntityId, nameId) : new FSAccountFedInfoKey(remoteEntityId, nameId);
        FSAccountFedInfo info = null;
        if (isIDP) {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, false);
        } else {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, false);
        }
        Map attributes = amid.getAttributes(BulkFederation.idffUserAttributesFed);
        Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((setInfoKey == null) || setInfoKey.isEmpty()) {
            setInfoKey = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
        }
        setInfoKey.add(FSAccountUtils.objectToKeyString(key));
        Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((setInfo == null) || setInfo.isEmpty()) {
            setInfo = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
        }
        setInfo.add(FSAccountUtils.objectToInfoString(info));
        amid.setAttributes(attributes);
        amid.store();
    } catch (FSAccountMgmtException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAMLException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}