Example 11 with FSAccountMgmtException

Use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.

The class IDFFNameIdentifierMapper, method getNameIdentifier.

/**
 * Returns the mapped <code>NameIdentifier</code> for the specified user.
 * This is used by the Discovery Service to generate the correct
 * <code>NameIdentifier</code> when creating credentials for a remote
 * service provider. A <code>NameIdentifier</code> in encrypted form
 * is returned if the mapped <code>NameIdentifier</code> differs from
 * the original <code>NameIdentifier</code>; this prevents the
 * <code>NameIdentifier</code> from being revealed to a proxy service
 * provider.
 * @param spProviderID Provider ID of the service provider to which
 *     the <code>NameIdentifier</code> needs to be mapped.
 * @param idpProviderID Provider ID of the identity provider.
 * @param nameId The <code>NameIdentifier</code> that needs to be mapped.
 * @param userID The user whose mapped <code>NameIdentifier</code> will
 *     be returned. The value is the universal identifier of the user.
 * @return the mapped <code>NameIdentifier</code> for the specified user;
 *     null if the <code>NameIdentifier</code> cannot be mapped;
 *     the original name identifier if there is no need to map it.
 */
public NameIdentifier getNameIdentifier(String spProviderID, String idpProviderID, NameIdentifier nameId, String userID) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IDFFNameIdentifierMapper, enter " + "spProviderID=" + spProviderID + ", idpProviderID=" + idpProviderID + ", userID=" + userID);
            if (nameId != null) {
                FSUtils.debug.message("IDFFNameIdentifierMapper, enter " + "name identifier=" + nameId.toString());
            }
        }
        if ((spProviderID == null) || (idpProviderID == null) || (userID == null)) {
            return null;
        }
        if (spProviderID.equals(idpProviderID)) {
            // same entity, this is for the case of discovery service as IDP
            return nameId;
        }
        if (nameId != null) {
            String nameQualifier = nameId.getNameQualifier();
            if ((nameQualifier != null) && nameQualifier.equals(spProviderID)) {
                // current name id is intended for the spProviderID 
                return nameId;
            }
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        String metaAlias = metaManager.getIDPDescriptorConfig("/", idpProviderID).getMetaAlias();
        FSAccountManager fsaccountmgr = FSAccountManager.getInstance(metaAlias);
        FSAccountFedInfo accountinfo = fsaccountmgr.readAccountFedInfo(userID, spProviderID);
        if (accountinfo != null) {
            NameIdentifier ni = accountinfo.getLocalNameIdentifier();
            FSUtils.debug.message("IDFFNameIdentifierMapper : new Ni");
            ProviderManager pm = ProviderUtil.getProviderManager();
            if (pm != null) {
                Key encKey = pm.getEncryptionKey(spProviderID);
                if (encKey != null) {
                    // passed down through a proxy WSC
                    return EncryptedNameIdentifier.getEncryptedNameIdentifier(ni, spProviderID, encKey, pm.getEncryptionKeyAlgorithm(spProviderID), pm.getEncryptionKeyStrength(spProviderID));
                } else {
                    return ni;
                }
            } else {
                return ni;
            }
        } else {
            return nameId;
        }
    } catch (FSAccountMgmtException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, account error", e);
    } catch (FSException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, encrypt error", e);
    } catch (IDFFMetaException e) {
        // the provider might not be an IDFF provider, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, meta error", e);
    }
    return null;
}
Also used:
  com.sun.identity.federation.accountmgmt.FSAccountFedInfo
  com.sun.identity.saml.assertion.NameIdentifier
  com.sun.identity.federation.message.common.EncryptedNameIdentifier
  com.sun.identity.federation.meta.IDFFMetaManager
  com.sun.identity.federation.meta.IDFFMetaException
  com.sun.identity.liberty.ws.util.ProviderManager
  com.sun.identity.federation.common.FSException
  com.sun.identity.federation.accountmgmt.FSAccountMgmtException
  com.sun.identity.federation.accountmgmt.FSAccountManager
  java.security.Key

Example 12 with FSAccountMgmtException

Use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.

The class FSServiceUtils, method isRegisProfileSOAP.

/**
 * Determines whether the registration profile is SOAP.
 * @param userID ID of the user subject to registration
 * @param remoteEntityId remote provider's entity ID
 * @param remoteDescriptor remote provider's meta descriptor
 * @param metaAlias hosted provider's meta alias
 * @param hostedDescriptor hosted provider's meta descriptor
 * @return <code>true</code> if the registration profile is SOAP;
 *     <code>false</code> otherwise.
 */
public static boolean isRegisProfileSOAP(String userID, String remoteEntityId, SPDescriptorType remoteDescriptor, String metaAlias, IDPDescriptorType hostedDescriptor) {
    FSAccountFedInfo acctInfo = null;
    try {
        acctInfo = FSAccountManager.getInstance(metaAlias).readAccountFedInfo(userID, remoteEntityId);
    } catch (FSAccountMgmtException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("in exception:", e);
        }
        return true;
    }
    if (acctInfo == null) {
        // No federation record exists for this user and remote provider:
        // fall back to the same SOAP default as the exception path above
        // instead of dereferencing null below.
        return true;
    }
    String hostedProfile = FSServiceUtils.getFirstProtocolProfile(hostedDescriptor.getRegisterNameIdentifierProtocolProfile());
    String remoteProfile = FSServiceUtils.getFirstProtocolProfile(remoteDescriptor.getRegisterNameIdentifierProtocolProfile());
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("host profile is:" + hostedProfile + "\nremote profile is " + remoteProfile);
    }
    if (acctInfo.isRoleIDP()) {
        if (hostedProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE) || hostedProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
            return true;
        } else if (hostedProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE) || hostedProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
            return false;
        } else {
            FSUtils.debug.error("FSServiceUtils.isRegisProfileSOAP:" + "Invalid registration profile.");
            return true;
        }
    } else {
        if (remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE) || remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
            return true;
        } else if (remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE) || remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
            return false;
        } else {
            FSUtils.debug.error("FSServiceUtils.isRegisProfileSOAP:" + "Invalid registration profile.");
            return true;
        }
    }
}
Also used:
  com.sun.identity.federation.accountmgmt.FSAccountFedInfo
  com.sun.identity.federation.accountmgmt.FSAccountMgmtException

Example 13 with FSAccountMgmtException

Use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.

The class LibertyManager, method getProvidersToFederate.

/**
 * Returns the list of all trusted Identity Providers that this user is
 * not already federated with. This is a subset of the Set returned by
 * <code>getIDPList()</code>. This method is used to populate the drop-down
 * menu of all the Identity Providers that the user is not already
 * federated with.
 *
 * @param realm the realm in which the provider resides
 * @param providerID provider's entity ID.
 * @param providerRole provider role.
 * @param userName name of the user.
 * @return Set containing all the Identity Provider IDs that the user is
 *     not already federated with.
 */
public static Set getProvidersToFederate(String realm, String providerID, String providerRole, String userName) {
    Set unFederatedIDPs = new HashSet();
    if (providerID == null || providerRole == null || userName == null) {
        debug.error("LibertyManager.getProvidersToFederate:: null" + " parameter values");
        return unFederatedIDPs;
    }
    if (!providerRole.equals(IFSConstants.SP) && !providerRole.equals(IFSConstants.IDP)) {
        debug.error("LibertyManager.getProvidersToFederate:: Invalid" + " ProviderRole.");
        return unFederatedIDPs;
    }
    Iterator idpList = getIDPList(realm, providerID);
    Set alreadyFederatedProviders = null;
    try {
        alreadyFederatedProviders = FSAccountManager.getInstance(getMetaAlias(realm, providerID, providerRole)).readAllFederatedProviderID(providerID, userName);
        String idp = null;
        while (idpList.hasNext()) {
            idp = (String) idpList.next();
            if (!alreadyFederatedProviders.contains(idp)) {
                unFederatedIDPs.add(idp);
            }
        }
    } catch (FSAccountMgmtException ame) {
        debug.error("LibertyManager: getUnFederatedIDPList: Error while " + " getting allFederatedProviderID from Account Mgmt", ame);
    }
    return unFederatedIDPs;
}
Also used:
  java.util.HashSet
  java.util.Set
  java.util.Iterator
  com.sun.identity.federation.accountmgmt.FSAccountMgmtException

Example 14 with FSAccountMgmtException

Use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.

The class BulkFederation, method idffFederateUser.

private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameId = createNameIdentifier();
        FSAccountFedInfoKey key = (isIDP) ? new FSAccountFedInfoKey(remoteEntityId, nameId) : new FSAccountFedInfoKey(localEntityId, nameId);
        FSAccountFedInfo info = null;
        if (isIDP) {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, true);
        } else {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, true);
        }
        Map attributes = amid.getAttributes(idffUserAttributesFed);
        Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((setInfoKey == null) || setInfoKey.isEmpty()) {
            setInfoKey = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
        }
        setInfoKey.add(FSAccountUtils.objectToKeyString(key));
        Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((setInfo == null) || setInfo.isEmpty()) {
            setInfo = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
        }
        setInfo.add(FSAccountUtils.objectToInfoString(info));
        amid.setAttributes(attributes);
        amid.store();
        out.write(remoteUserId + "|" + nameId);
        out.newLine();
    } catch (FSAccountMgmtException | SAMLException | IOException e) {
        // The federation record could not be created or written: abort this user.
        debugError("BulkFederation.idffFederateUser", e);
        Object[] param = { localUserId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException | SSOException e) {
        // Identity repository or session failure: report it rather than aborting.
        debugError("BulkFederation.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}
Also used:
  com.iplanet.sso.SSOToken
  com.sun.identity.federation.accountmgmt.FSAccountFedInfo
  java.util.HashSet
  java.util.Set
  com.sun.identity.saml.assertion.NameIdentifier
  com.sun.identity.idm.IdRepoException
  com.iplanet.sso.SSOException
  java.io.IOException
  com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey
  com.sun.identity.saml.common.SAMLException
  com.sun.identity.cli.IOutput
  com.sun.identity.idm.AMIdentity
  com.sun.identity.cli.CLIException
  com.sun.identity.federation.accountmgmt.FSAccountMgmtException
  java.util.HashMap
  java.util.Map

Example 15 with FSAccountMgmtException

Use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.

The class ImportBulkFederationData, method idffFederateUser.

private void idffFederateUser(String userId, String nameId) throws CLIException {
    try {
        AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
        FSAccountFedInfoKey key = (!isIDP) ? new FSAccountFedInfoKey(localEntityId, nameId) : new FSAccountFedInfoKey(remoteEntityId, nameId);
        FSAccountFedInfo info = null;
        if (isIDP) {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, false);
        } else {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, false);
        }
        Map attributes = amid.getAttributes(BulkFederation.idffUserAttributesFed);
        Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((setInfoKey == null) || setInfoKey.isEmpty()) {
            setInfoKey = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
        }
        setInfoKey.add(FSAccountUtils.objectToKeyString(key));
        Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((setInfo == null) || setInfo.isEmpty()) {
            setInfo = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
        }
        setInfo.add(FSAccountUtils.objectToInfoString(info));
        amid.setAttributes(attributes);
        amid.store();
    } catch (FSAccountMgmtException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAMLException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException | SSOException e) {
        // Identity repository or session failure: report it rather than aborting.
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}
Also used:
  com.sun.identity.federation.accountmgmt.FSAccountFedInfo
  java.util.HashSet
  java.util.Set
  com.sun.identity.saml.assertion.NameIdentifier
  com.sun.identity.idm.IdRepoException
  com.iplanet.sso.SSOException
  com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey
  com.sun.identity.saml.common.SAMLException
  com.sun.identity.cli.IOutput
  com.sun.identity.idm.AMIdentity
  com.sun.identity.cli.CLIException
  com.sun.identity.federation.accountmgmt.FSAccountMgmtException
  java.util.HashMap
  java.util.Map

Aggregations

Types used alongside FSAccountMgmtException across all examples (number of examples in which each appears):

  FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException): 15
  FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey): 8
  FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo): 7
  HashMap (java.util.HashMap): 7
  NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier): 6
  Map (java.util.Map): 6
  Set (java.util.Set): 5
  FSAccountManager (com.sun.identity.federation.accountmgmt.FSAccountManager): 4
  SAMLException (com.sun.identity.saml.common.SAMLException): 4
  HashSet (java.util.HashSet): 4
  SSOException (com.iplanet.sso.SSOException): 3
  IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException): 3
  AMIdentity (com.sun.identity.idm.AMIdentity): 3
  IdRepoException (com.sun.identity.idm.IdRepoException): 3
  IOException (java.io.IOException): 3
  Iterator (java.util.Iterator): 3
  SSOToken (com.iplanet.sso.SSOToken): 2
  CLIException (com.sun.identity.cli.CLIException): 2
  IOutput (com.sun.identity.cli.IOutput): 2
  FSException (com.sun.identity.federation.common.FSException): 2