
Example 36 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class IDFFCOTUtils method removeCOTNameFromConfig.

/**
 * Strips {@code cotName} from the {@code cotlist} attribute of every
 * provider configuration in {@code configList}, persisting the enclosing
 * entity configuration through {@code idffMetaMgr} after each removal.
 * At most one attribute per provider configuration is updated.
 *
 * @param realm realm the entity resides in.
 * @param configList provider configuration elements ({@code BaseConfigType}).
 * @param cotName the circle of trust name to remove.
 * @param entityConfig entity configuration the elements belong to; written
 *        back whenever a value is removed.
 * @param idffMetaMgr meta manager used to persist {@code entityConfig}.
 * @throws IDFFMetaException if persisting the entity config fails.
 */
private void removeCOTNameFromConfig(String realm, List configList, String cotName, EntityConfigElement entityConfig, IDFFMetaManager idffMetaMgr) throws IDFFMetaException {
    for (Object configObj : configList) {
        BaseConfigType providerConfig = (BaseConfigType) configObj;
        List attributes = providerConfig.getAttribute();
        for (Object attrObj : attributes) {
            AttributeType attribute = (AttributeType) attrObj;
            String attrName = attribute.getName().trim();
            if (!attrName.equalsIgnoreCase(COT_LIST)) {
                continue;
            }
            List cotValues = attribute.getValue();
            // NOTE(review): containsValue is a sibling helper; if it matches
            // loosely (trimmed / case-insensitive) the exact remove(cotName)
            // below could be a silent no-op — confirm against its definition.
            boolean present = cotValues != null && !cotValues.isEmpty() && containsValue(cotValues, cotName);
            if (present) {
                cotValues.remove(cotName);
                // Persist immediately so the removal survives even if a later
                // provider configuration fails.
                idffMetaMgr.setEntityConfig(realm, entityConfig);
                break;
            }
        }
    }
}

Example 37 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class IDFFCOTUtils method removeFromEntityConfig.

/**
 * Removes the circle trust name passed from the <code>cotlist</code>
 * list attribute in the Entity Config. The Service Provider, Identity
 * Provider and (when present) Affiliation Entity Configuration are
 * updated.
 *
 * @param realm realm the entity resides in.
 * @param cotName the circle of trust name to be removed.
 * @param entityID the entity identifier of the provider.
 * @throws IDFFMetaException if the entity descriptor does not exist
 *          ({@code invalidEntityID}) or if there is an error updating the
 *          entity config.
 * @throws JAXBException if there is an error updating the entity config.
 */
public void removeFromEntityConfig(String realm, String cotName, String entityID) throws IDFFMetaException, JAXBException {
    final String classMethod = "IDFFCOTUtils.removeFromEntityConfig: ";
    IDFFMetaManager metaManager = new IDFFMetaManager(callerSession);
    // Refuse to touch configuration for an entity that has no descriptor.
    EntityDescriptorElement descriptor = metaManager.getEntityDescriptor(realm, entityID);
    if (descriptor == null) {
        debug.error(classMethod + "No such entity: " + entityID);
        throw new IDFFMetaException("invalidEntityID", new String[] { entityID });
    }
    EntityConfigElement entityConfig = metaManager.getEntityConfig(realm, entityID);
    if (entityConfig == null) {
        // Nothing to update: the entity has a descriptor but no config.
        return;
    }
    List spConfigs = entityConfig.getSPDescriptorConfig();
    List idpConfigs = entityConfig.getIDPDescriptorConfig();
    removeCOTNameFromConfig(realm, spConfigs, cotName, entityConfig, metaManager);
    removeCOTNameFromConfig(realm, idpConfigs, cotName, entityConfig, metaManager);
    // The affiliation config is a single element; wrap it so the same
    // helper can process it.
    BaseConfigType affiliationConfig = entityConfig.getAffiliationDescriptorConfig();
    if (affiliationConfig != null) {
        List affiliationConfigs = new ArrayList();
        affiliationConfigs.add(affiliationConfig);
        removeCOTNameFromConfig(realm, affiliationConfigs, cotName, entityConfig, metaManager);
    }
}

Example 38 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method sendProxyResponse.

/**
 * Sends the proxy authentication response to the proxying service
 * provider which has originally requested for the authentication.
 * <p>
 * The original request and the proxying SP descriptor are looked up from
 * the session manager by {@code requestID}; the proxying SP is recorded
 * as a session partner; the hosted IDP metadata is loaded and everything
 * is handed to an {@code FSProxyHandler}, which processes the original
 * request.
 *
 * @param requestID authnRequest id that is sent to the authenticating
 *  Identity Provider.
 */
protected void sendProxyResponse(String requestID) {
    FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse::");
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    // NOTE(review): origRequest is dereferenced unconditionally below
    // (getProviderId, getRelayState); nothing here guards against the session
    // manager returning null for an unknown requestID — confirm the lookup
    // can never miss, otherwise this throws NullPointerException.
    FSAuthnRequest origRequest = sessionManager.getProxySPAuthnRequest(requestID);
    if (FSUtils.debug.messageEnabled()) {
        try {
            FSUtils.debug.message("FSAssertionHandler.sendProxyResponse:" + origRequest.toXMLString());
        } catch (Exception ex) {
            // Debug-only serialization; a failure here must not abort the flow.
            FSUtils.debug.error("FSAssertionHandler.sendProxyResponse:" + "toString(): Failed.", ex);
        }
    }
    SPDescriptorType proxyDescriptor = sessionManager.getProxySPDescriptor(requestID);
    String proxySPEntityId = origRequest.getProviderId();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse" + ":Original requesting service provider id:" + proxySPEntityId);
    }
    // NOTE(review): session is not null-checked before use — confirm
    // getSession(ssoToken) cannot return null at this point.
    FSSession session = sessionManager.getSession(ssoToken);
    if (authnContextStmt != null) {
        // Propagate the authentication context asserted by the remote IDP.
        String authnContext = authnContextStmt.getAuthnContextClassRef();
        session.setAuthnContext(authnContext);
    }
    // Register the original requesting SP as a partner of this session.
    session.addSessionPartner(new FSSessionPartner(proxySPEntityId, false));
    if (FSUtils.debug.messageEnabled()) {
        Iterator partners = session.getSessionPartners().iterator();
        while (partners.hasNext()) {
            FSSessionPartner part = (FSSessionPartner) partners.next();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("PARTNERS" + part.getPartner());
            }
        }
    }
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    // Failure to load the proxying SP config is logged and tolerated; the
    // handler is constructed with a null config in that case.
    BaseConfigType proxySPConfig = null;
    try {
        proxySPConfig = metaManager.getSPDescriptorConfig(realm, proxySPEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "Couldn't obtain proxy sp meta:", e);
    }
    FSProxyHandler handler = new FSProxyHandler(request, response, origRequest, proxyDescriptor, proxySPConfig, proxySPEntityId, origRequest.getRelayState(), ssoToken);
    // Hosted IDP metadata; likewise best-effort — any of these may stay null
    // if the lookup fails, and the handler is still invoked.
    IDPDescriptorType localIDPDesc = null;
    BaseConfigType localIDPConfig = null;
    String localIDPMetaAlias = null;
    try {
        localIDPDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        localIDPConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        localIDPMetaAlias = localIDPConfig.getMetaAlias();
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionartifactHandler.sendProxyResponse:" + "Exception when obtaining local idp meta:", e);
    }
    handler.setRealm(realm);
    handler.setHostedEntityId(hostEntityId);
    handler.setHostedDescriptor(localIDPDesc);
    handler.setHostedDescriptorConfig(localIDPConfig);
    handler.setMetaAlias(localIDPMetaAlias);
    handler.processAuthnRequest(origRequest, true);
}

Example 39 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method sendProxyAuthnRequest.

/**
 * Sends a new AuthnRequest to the authenticating provider.
 * <p>
 * A fresh request is derived from {@code authnRequest}, the pair is
 * recorded in the SP session manager under the new request id, and the
 * browser is redirected to the preferred IDP's single sign-on URL with the
 * (optionally signed) request in the query string. Missing metadata is
 * logged and the method returns without redirecting.
 *
 * @param authnRequest original AuthnRequest sent by the service provider.
 * @param preferredIDP IDP to be proxied.
 * @exception FSException for any federation failure.
 * @exception IOException if there is a failure in redirection.
 */
protected void sendProxyAuthnRequest(FSAuthnRequest authnRequest, String preferredIDP) throws FSException, IOException {
    FSAuthnRequest proxyRequest = getNewAuthnRequest(authnRequest);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOAndFedHandler.sendProxyAuthnRequest:" + "New Authentication request:" + proxyRequest.toXMLString());
    }
    String spMetaAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
    FSSessionManager sessionManager = FSSessionManager.getInstance(spMetaAlias);
    // Remember both requests so the response from the IDP can be correlated
    // back to the original SP request.
    String requestID = proxyRequest.getRequestID();
    sessionManager.setAuthnRequest(requestID, proxyRequest);
    sessionManager.setProxySPDescriptor(requestID, spDescriptor);
    sessionManager.setProxySPAuthnRequest(requestID, authnRequest);
    sessionManager.setIDPEntityID(requestID, preferredIDP);
    String ssoServiceURL = null;
    SPDescriptorType hostedDescriptor = null;
    BaseConfigType hostedDescriptorConfig = null;
    try {
        IDPDescriptorType idpDescriptor = metaManager.getIDPDescriptor(realm, preferredIDP);
        ssoServiceURL = idpDescriptor.getSingleSignOnServiceURL();
        if (ssoServiceURL == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.sendProxyAuthnRequest: Single " + "Sign-on service is not found for the proxying IDP");
            return;
        }
        hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
        hostedDescriptorConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSSSOAndFedHandler.sendProxyAuthnRequest:", e);
        return;
    }
    String queryString = proxyRequest.toURLEncodedQueryString();
    if (FSServiceUtils.isSigningOn()) {
        // Sign only when the hosted SP metadata declares signed AuthnRequests.
        String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedDescriptorConfig, IFSConstants.SIGNING_CERT_ALIAS);
        if (hostedDescriptor.isAuthnRequestsSigned()) {
            queryString = FSSignatureUtil.signAndReturnQueryString(queryString, certAlias);
        }
    }
    // Append to an existing query string if the SSO URL already has one.
    String separator = ssoServiceURL.indexOf("?") != -1 ? "&" : "?";
    String redirectURL = ssoServiceURL + separator + queryString;
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOAndFedHandler.sendProxyAuthnRequest:" + "SSO URL to be redirected" + redirectURL);
    }
    response.setStatus(response.SC_MOVED_TEMPORARILY);
    response.setHeader("Location", redirectURL);
    response.sendRedirect(redirectURL);
}

Example 40 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class FSSSOAndFedService method onMessage.

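/**
 * SOAP JAXM Listener implementation for LECP AuthnRequest.
 * <p>
 * The SOAP body element is accepted only when its local name is
 * {@code AuthnRequest} and its namespace is one of the two Liberty
 * namespaces; anything else is logged and answered with a generic
 * {@code cannotProcessRequest} SOAP fault. Processing failures set
 * HTTP 500 before the fault is returned.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @param message SOAP message that contains LECP request
 */
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
    FSUtils.debug.message("FSSSOAndFedService.onMessage: Called");
    try {
        Element elt = soapService.parseSOAPMessage(message);
        if (elt == null) {
            FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing. Invalid SOAPMessage");
            response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
            return;
        }
        String eltTagName = (elt.getTagName().trim());
        // NOTE(review): getNamespaceURI() is null for an un-namespaced element;
        // the resulting NullPointerException is caught by the outer handler
        // and answered with a 500 fault — confirm that is the intended outcome.
        String ns = elt.getNamespaceURI().trim();
        String nodeName = elt.getLocalName().trim();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
        }
        // Both the local name and the namespace must match. The namespace
        // alternatives are grouped explicitly: without the parentheses the
        // FF 1.2 namespace alone would satisfy the check regardless of the
        // element name, and arbitrary elements would reach FSAuthnRequest.
        boolean libertyNamespace = ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI)
                || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS);
        if (nodeName.equalsIgnoreCase("AuthnRequest") && libertyNamespace) {
            try {
                FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
                String metaAlias = FSServiceUtils.getMetaAlias(request);
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
                String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
                IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
                FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
                sessionService.setAuthnRequest(authnRequest.getRequestID(), authnRequest);
                handleLECPRequest(request, response, authnRequest, hostedDesc, hostedConfig, realm, hostEntityId, metaAlias);
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing lecp AuthnRequest:", e);
                response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
            // handleLECPRequest writes the real response; nothing further to
            // send here, which the original code expressed as a null message.
            returnSOAPMessage(null, response);
            return;
        } else {
            FSUtils.debug.error("FSSSOAndFedService.onMessage: Invalid SOAP Request:" + nodeName);
        }
    } catch (Exception e) {
        FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing Request: Exception occured: ", e);
        response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
        // The stack trace is also rendered into the debug log explicitly; kept
        // because it is not certain that debug.error(String, Throwable) above
        // already includes it.
        java.io.ByteArrayOutputStream strm = new java.io.ByteArrayOutputStream();
        e.printStackTrace(new java.io.PrintStream(strm));
        FSUtils.debug.error(strm.toString());
        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
        return;
    }
    // Reached only for an element that is not a Liberty AuthnRequest.
    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
}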
