Use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class FSAttributeStatementHelper, method getAutoFedAttributeStatement.
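/**
 * Gets a SAML <code>AttributeStatement</code> by using an
 * <code>AutoFederate</code> attribute that is configured in Local Provider.
 * <p>
 * The name of the user attribute to read is taken from the hosted IDP's
 * extended configuration (<code>AUTO_FEDERATION_ATTRIBUTE</code>); its values
 * are looked up for the session's principal through the IDFF data store
 * provider and wrapped in a single <code>AUTO_FED_ATTR</code> attribute.
 *
 * @param realm The realm under which the entity resides.
 * @param entityID Host Provider's entity ID.
 * @param sub Liberty Subject.
 * @param ssoToken session of the user
 * @return Generated Auto Federate Attribute Statement, or <code>null</code>
 *         when no auto-federation attribute is configured or the user has
 *         no value for it.
 * @exception FSException if the hosted configuration, the session principal
 *            or the data store attribute cannot be read, or the SAML
 *            attribute cannot be built.
 */
public static AttributeStatement getAutoFedAttributeStatement(String realm, String entityID, FSSubject sub, Object ssoToken) throws FSException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType hostConfig = null;
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
        }
    } catch (IDFFMetaException fae) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: IDFFMetaException ", fae);
        throw new FSException(fae);
    }
    // The attribute name is administrator-controlled configuration, not user input.
    String autoFedAttr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE);
    if (autoFedAttr == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAttributeStatementHelper.getAutoFed:" + "AttributeStatement: AutoFederate Attribute is null");
        }
        return null;
    }
    List values = new ArrayList();
    try {
        String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        DataStoreProvider provider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set vals = provider.getAttribute(userID, autoFedAttr);
        // Guard against a provider that reports a missing attribute as null
        // rather than an empty set; both cases end in the "no values" branch
        // below instead of an unchecked NullPointerException.
        if (vals != null) {
            for (Iterator iter = vals.iterator(); iter.hasNext();) {
                values.add(getAttributeValue((String) iter.next()));
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SessionException ", se);
        throw new FSException(se);
    } catch (DataStoreProviderException ie) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: DataStoreProviderException ", ie);
        throw new FSException(ie);
    }
    // values is never null here; only emptiness matters.
    if (values.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAtributeStatementHelper.getAuto:" + "FedAttributeStatement. No values for autofed attribute");
        }
        return null;
    }
    try {
        Attribute attribute = new Attribute(IFSConstants.AUTO_FED_ATTR, IFSConstants.assertionSAMLNameSpaceURI, values);
        List attributeList = new ArrayList();
        attributeList.add(attribute);
        return new AttributeStatement(sub, attributeList);
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SAMLException ", ex);
        throw new FSException(ex);
    }
}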
Use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class FSSingleLogoutHandler, method handleIDPProxyLogout.
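/**
 * Propagates a logout received at the hosted IDP to the IDP partners of the
 * hosted SP that proxied the original authentication.
 * <p>
 * Applies only when this handler is hosted as an IDP, a hosted SP with the
 * same entity ID exists, and the source SP has IDP proxy enabled in its
 * extended configuration. Every IDP partner of the proxy session except the
 * source entity is then logged out over the SOAP profile.
 *
 * @param sourceEntityId entity ID of the SP that sent the logout request.
 * @return <code>null</code> when this is not an IDP proxy logout or no proxy
 *         session/partners exist; otherwise <code>SAML_SUCCESS</code> unless
 *         a partner logout failed, in which case the status of the last
 *         failing partner (or <code>SAML_RESPONDER</code> on an unexpected
 *         exception) is returned.
 */
private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) {
    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout.");
    String proxySPAlias = null;
    boolean isProxy = false;
    if (hostedRole == IFSConstants.IDP) {
        // see if there is a hosted SP with the same hostedEntityId
        proxySPAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
        if (proxySPAlias != null && metaManager != null) {
            isProxy = isSourceSPProxyEnabled(sourceEntityId);
        }
    }
    if (!isProxy) {
        return null;
    }
    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout:isProxy is true.");
    FSLogoutStatus retStatus = null;
    // see if there is any session with that proxySPAlias
    try {
        FSSessionManager sessionMgr = FSSessionManager.getInstance(proxySPAlias);
        FSSession session = sessionMgr.getSession(ssoToken);
        if (session == null) {
            return null;
        }
        List partners = session.getSessionPartners();
        if (partners == null || partners.isEmpty()) {
            return null;
        }
        FSSingleLogoutHandler handler = new FSSingleLogoutHandler();
        BaseConfigType proxySPConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        ProviderDescriptorType proxySPDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
        handler.setHostedDescriptor(proxySPDescriptor);
        handler.setHostedDescriptorConfig(proxySPConfig);
        handler.setRealm(realm);
        handler.setHostedEntityId(hostedEntityId);
        handler.setHostedProviderRole(IFSConstants.SP);
        handler.setMetaAlias(proxySPAlias);
        retStatus = new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        // most of the time it will have only one idp partner
        for (Iterator iter = partners.iterator(); iter.hasNext();) {
            FSSessionPartner sessionPartner = (FSSessionPartner) iter.next();
            String curEntityId = sessionPartner.getPartner();
            // skip the SP that initiated the logout and any non-IDP partner
            if (curEntityId.equals(sourceEntityId) || !sessionPartner.getIsRoleIDP()) {
                continue;
            }
            FSLogoutStatus curStatus = handler.doIDPProxySoapProfile(request, response, sessionPartner, userID, session.getSessionIndex(), ssoToken);
            if (!curStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                // a partial logout must not be reported as success
                retStatus = curStatus;
            }
        }
    } catch (Exception e) {
        // Boundary catch: any failure while driving the SOAP profile is
        // reported to the requester as a responder error.
        FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxy:", e);
        retStatus = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    return retStatus;
}

/**
 * Checks whether the SP identified by <code>sourceEntityId</code> has IDP
 * proxying enabled (<code>ENABLE_IDP_PROXY</code> equal to "true") in its
 * extended configuration. Callers must ensure <code>metaManager</code> is
 * non-null.
 *
 * @param sourceEntityId entity ID of the SP that sent the logout request.
 * @return <code>true</code> only when the attribute is present and "true".
 */
private boolean isSourceSPProxyEnabled(String sourceEntityId) {
    try {
        BaseConfigType sourceSPConfig = metaManager.getSPDescriptorConfig(realm, sourceEntityId);
        String enabledString = IDFFMetaUtils.getFirstAttributeValueFromConfig(sourceSPConfig, IFSConstants.ENABLE_IDP_PROXY);
        return "true".equalsIgnoreCase(enabledString);
    } catch (IDFFMetaException ie) {
        // Not swallowed silently: when the SP configuration cannot be read the
        // proxied IDP partners are NOT logged out, which an operator needs to see.
        FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxyLogout: unable to read SP config for " + sourceEntityId, ie);
        return false;
    }
}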
Use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class LibertyManager, method getMappedNameIdentifier.
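/**
 * Returns <code>NameIdentifier</code> between the IDP and
 * the other SP for the same principal. This method should
 * be used by the code on the hosted SP, where the user
 * has logged in, and has an account linking with the IDP.
 * Furthermore, the same principal has an account linking
 * between his/her other (remote) SP account and the IDP
 * account.
 * <p>
 * The remote IDP is the current session partner of the hosted SP. A
 * <code>NameIdentifierMappingRequest</code> is built, signed when signing
 * is enabled, and sent to the IDP's SOAP endpoint; the response signature
 * is verified (again only when signing is enabled) before the mapped
 * identifier is returned.
 *
 * @param hostedSPMetaAlias The <code>metaAlias</code> of
 * the local service provider.
 * @param ssoToken The session token of the logged-
 * in user on the local service provider.
 * @param remoteSPEntityID The entity ID of the remote
 * service provider. In other words, it is the targeted
 * name space for the returned name identifier.
 * @return <code>NameIdentifier</code> of the same principal
 * but original established between the remote SP and
 * the IDP, or <code>null</code> when any step fails (the
 * failure is logged).
 */
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
    String classMethod = "LibertyManager.getMappedNameIdentifier: ";
    String hostedEntityID = getEntityID(hostedSPMetaAlias);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
    }
    SPDescriptorType hostedDescriptor = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
        hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
    } catch (IDFFMetaException ie) {
        debug.error(classMethod + "couldn't obtain hosted meta:", ie);
        return null;
    }
    String userID = null;
    try {
        userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException ssoe) {
        debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "userID=" + userID);
    }
    FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
    }
    // The remote IDP is derived from the user's current federation session
    // partner on the hosted SP; without a session there is nothing to map.
    FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
    FSSession sess = null;
    if (sMgr != null) {
        sess = sMgr.getSession(ssoToken);
    }
    if (sess == null) {
        debug.error(classMethod + "session is null");
        return null;
    }
    FSSessionPartner partner = sess.getCurrentSessionPartner();
    String remoteIDPEntityID = null;
    if (partner != null) {
        remoteIDPEntityID = partner.getPartner();
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
    }
    if (remoteIDPEntityID == null) {
        debug.error(classMethod + "no current session partner, cannot determine remote IDP");
        return null;
    }
    NameIdentifier ni = null;
    try {
        ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
    } catch (Exception e) {
        debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
        return null;
    }
    // Without a federated name identifier there is nothing to put in the
    // mapping request (and the debug line below would NPE on it).
    if (ni == null) {
        debug.error(classMethod + "no Name Identifier between local SP and remote IDP");
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
    }
    FSNameIdentifierMappingRequest mappingRequest = null;
    try {
        mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
    } catch (com.sun.identity.federation.message.common.FSMsgException fe) {
        debug.error(classMethod, fe);
        return null;
    }
    if (FSServiceUtils.isSigningOn()) {
        try {
            mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
        } catch (SAMLException se) {
            debug.error(classMethod, se);
            return null;
        }
    }
    IDPDescriptorType remoteProviderDesc = null;
    try {
        remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
    } catch (IDFFMetaException fme1) {
        debug.error(classMethod, fme1);
        return null;
    }
    // An unknown IDP entity yields no descriptor; report it instead of NPE-ing
    // on getSoapEndpoint().
    if (remoteProviderDesc == null) {
        debug.error(classMethod + "no IDP descriptor for " + remoteIDPEntityID);
        return null;
    }
    String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
    }
    FSSOAPService soapService = FSSOAPService.getInstance();
    SOAPMessage returnMsg = null;
    try {
        SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
        returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
    } catch (FSMsgException mex) {
        debug.error(classMethod, mex);
        return null;
    } catch (java.io.IOException ioe) {
        debug.error(classMethod, ioe);
        return null;
    } catch (javax.xml.soap.SOAPException soape) {
        debug.error(classMethod, soape);
        return null;
    }
    Element elt = soapService.parseSOAPMessage(returnMsg);
    FSNameIdentifierMappingResponse mappingResponse = null;
    try {
        mappingResponse = new FSNameIdentifierMappingResponse(elt);
    } catch (FSMsgException fme2) {
        debug.error(classMethod, fme2);
        return null;
    }
    if (debug.messageEnabled()) {
        String resStr = null;
        try {
            resStr = mappingResponse.toXMLString();
        } catch (FSMsgException fme3) {
            debug.error(classMethod, fme3);
            return null;
        }
        debug.message(classMethod + "NameIdentifierMappingResponse: " + resStr);
    }
    if (FSServiceUtils.isSigningOn()) {
        // The response arrived from a remote endpoint; it is only trusted once
        // its signature verifies. With signing off it is accepted as-is.
        if (FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
            }
        } else {
            debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
            return null;
        }
    }
    return mappingResponse.getNameIdentifier();
}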
Use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class LibertyManager, method getListOfCOTs.
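/**
 * Returns the List of COTs for the given Provider under a realm.
 * <p>
 * Only circles of trust whose status is <code>ACTIVE</code> and that have an
 * IDFF writer service URL configured are included. COTs that cannot be
 * loaded are logged and skipped.
 *
 * @param realm The realm under which the entity resides.
 * @param providerId The ID of the provider whose <code>COTList</code>
 * is to be found
 * @param providerRole The Role of the provider whose <code>COTList</code>
 * is to be found
 * @return The set containing the authentication domains (COT IDs) for the
 * given provider; empty, never <code>null</code>, when none qualify.
 */
public static Set getListOfCOTs(String realm, String providerId, String providerRole) {
    Set returnSet = new HashSet();
    BaseConfigType hostConfig = IDFFMetaUtils.getExtendedConfig(realm, providerId, providerRole, metaManager);
    if (hostConfig == null) {
        return returnSet;
    }
    List cotSet = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.COT_LIST);
    if (cotSet != null && !cotSet.isEmpty()) {
        CircleOfTrustManager cotManager;
        try {
            // one manager serves every lookup below
            cotManager = new CircleOfTrustManager();
        } catch (COTException fsExp) {
            debug.error("LibertyManager: getListOfCots " + "COTException caught ", fsExp);
            return returnSet;
        }
        for (Iterator iter = cotSet.iterator(); iter.hasNext();) {
            String cotID = (String) iter.next();
            try {
                CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotID);
                String tldURL = cotDesc.getIDFFWriterServiceURL();
                String cotStatus = cotDesc.getCircleOfTrustStatus();
                // constant on the left so a null status compares false instead of NPE-ing
                if (tldURL != null && tldURL.length() > 0 && IFSConstants.ACTIVE.equalsIgnoreCase(cotStatus)) {
                    returnSet.add(cotID);
                }
            } catch (COTException fsExp) {
                debug.error("LibertyManager: getListOfCots " + "COTException caught ", fsExp);
            }
        }
    }
    if (!returnSet.isEmpty()) {
        if (debug.messageEnabled()) {
            debug.message("LibertyManager: getListOfCots returning " + " cot set with " + returnSet);
        }
    } else {
        if (debug.messageEnabled()) {
            debug.message("LibertyManager::getListOfCots returning" + " null. Looks like COT is not set");
        }
    }
    return returnSet;
}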
Use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class LibertyManager, method getErrorPageURL.
/**
 * Returns the provider's error page.
 * <p>
 * Looks up the provider's extended configuration and hands it, together
 * with its meta alias, to <code>FSServiceUtils.getErrorPageURL</code>.
 *
 * @param realm The realm under which the entity resides.
 * @param providerId Provider's entity ID.
 * @param providerRole Provider Role.
 * @param request HTTP servlet request.
 * @return the provider's error page.
 */
public static String getErrorPageURL(String realm, String providerId, String providerRole, HttpServletRequest request) {
    BaseConfigType providerConfig = IDFFMetaUtils.getExtendedConfig(realm, providerId, providerRole, metaManager);
    // A missing configuration is passed through as null, together with a null alias.
    String metaAlias = (providerConfig == null) ? null : providerConfig.getMetaAlias();
    return FSServiceUtils.getErrorPageURL(request, providerConfig, metaAlias);
}