
Example 11 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFModelImpl method updateIDPAuthenticationContexts.

/**
 * Replaces the IDP authentication-context mapping held in an IDFF entity's
 * extended configuration and persists the entity configuration.
 *
 * <p>An audit event is emitted before the change is attempted, and a second
 * one on success or when the metadata layer raises an
 * {@code IDFFMetaException}.
 *
 * @param realm Realm of Entity
 * @param entityName Name of Entity Descriptor.
 * @param cxt IDFFAuthContexts object contains IDP
 *        Authentication Contexts values
 * @throws AMConsoleException if the entity or its IDP descriptor
 *         configuration cannot be found, or if the metadata layer fails.
 */
public void updateIDPAuthenticationContexts(String realm, String entityName, IDFFAuthContexts cxt) throws AMConsoleException {
    List contextInfo = cxt.toIDPAuthContextInfo();
    final String[] auditArgs = { realm, entityName, "IDFF", "IDP-updateIDPAuthenticationContexts" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", auditArgs);
    try {
        IDFFMetaManager metaManager = getIDFFMetaManager();
        EntityConfigElement entityConfig = metaManager.getEntityConfig(realm, entityName);
        // NOTE(review): the two "invalid.*" failures below leave only the
        // ATTEMPT event in the audit trail; no failure event is logged for them.
        if (entityConfig == null) {
            throw new AMConsoleException("invalid.entity.name");
        }
        IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, entityName);
        if (idpConfig == null) {
            throw new AMConsoleException("invalid.config.element");
        }
        updateAttrInConfig(idpConfig, ATTR_IDP_AUTHN_CONTEXT_MAPPING, contextInfo);
        // Persist by handing the entity configuration back to the manager.
        // NOTE(review): presumably idpConfig is part of entityConfig, since it
        // was fetched by a separate lookup; confirm the manager returns the
        // same object graph for both calls.
        metaManager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", auditArgs);
    } catch (IDFFMetaException e) {
        String message = getErrorString(e);
        logEvent(
            "FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR",
            new String[] { realm, entityName, "IDFF", "IDP-updateIDPAuthenticationContexts", message });
        throw new AMConsoleException(message);
    }
}
Also used : IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ArrayList(java.util.ArrayList) List(java.util.List) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement) EntityConfigElement(com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)

Example 12 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

the class FSDefaultRealmAttributePlugin method getAttributeStatements.

/**
 * Returns list of <code>AttributeStatement</code>s by using attribute
 * map defined in the configuration of the hosted identity provider.
 *
 * @param realm The realm under which the entity resides.
 * @param hostEntityId Hosted identity provider entity id.
 * @param remoteEntityID Remote provider's entity id (not read by this
 *        implementation).
 * @param subject Subject of the authenticated principal.
 * @param token user's session.
 * @return a list holding one SAML <code>AttributeStatement</code>;
 *         <code>null</code> when the metadata lookup fails or no attribute
 *         map is configured; an empty list when building the statement
 *         raises a <code>SAMLException</code>.
 */
public List getAttributeStatements(String realm, String hostEntityId, String remoteEntityID, FSSubject subject, Object token) {
    FSUtils.debug.message("FSDefaultAttributePlugin.getAttributeStatements");
    Map configuredMap = null;
    try {
        IDFFMetaManager idffManager = FSUtils.getIDFFMetaManager();
        IDPDescriptorConfigElement hostedIdp =
            (idffManager == null) ? null : idffManager.getIDPDescriptorConfig(realm, hostEntityId);
        if (hostedIdp != null) {
            Map idpAttributes = IDFFMetaUtils.getAttributes(hostedIdp);
            List mapEntries = (List) idpAttributes.get(IFSConstants.IDP_ATTRIBUTE_MAP);
            configuredMap = FSServiceUtils.parseAttributeConfig(mapEntries);
        }
    } catch (IDFFMetaException me) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: meta exception.", me);
        return null;
    }

    boolean nothingConfigured = (configuredMap == null) || configuredMap.isEmpty();
    if (nothingConfigured) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration is empty.");
        }
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration: " + configuredMap);
    }

    List samlAttributes = new ArrayList();
    try {
        // Each entry's key becomes the SAML attribute name; its value is what
        // getAttributeValue() is asked to resolve against the session token.
        for (Object element : configuredMap.entrySet()) {
            Map.Entry mapping = (Map.Entry) element;
            String samlName = (String) mapping.getKey();
            String resolved = getAttributeValue(token, (String) mapping.getValue());
            if (resolved == null) {
                // Attributes without a value are left out of the statement.
                continue;
            }
            samlAttributes.add(new Attribute(samlName, SAMLConstants.assertionSAMLNameSpaceURI, resolved));
        }
        AttributeStatement statement = new AttributeStatement(subject, samlAttributes);
        // NOTE(review): at message level the whole statement is written to the
        // debug log, presumably including the principal's attribute values;
        // handle that log as sensitive data.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: attribute statement: " + statement.toString());
        }
        List result = new ArrayList();
        result.add(statement);
        return result;
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: SAML Exception", ex);
    }
    // A SAML failure yields an empty list, unlike the null returned above.
    return new ArrayList();
}
Also used : Attribute(com.sun.identity.saml.assertion.Attribute) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ArrayList(java.util.ArrayList) SAMLException(com.sun.identity.saml.common.SAMLException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement) Map(java.util.Map)

Example 13 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

the class ImportEntityModelImpl method createIDFFEntity.

/**
 * Imports the IDFF standard metadata and, when extended metadata was
 * supplied, creates the matching entity configuration in {@code realm}.
 *
 * @throws AMConsoleException wrapping any {@code IDFFMetaException} raised
 *         by the metadata layer.
 */
private void createIDFFEntity() throws AMConsoleException {
    try {
        IDFFMetaManager idffManager = new IDFFMetaManager(null);
        com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement extendedConfig = null;
        if (extendedMetaData != null) {
            extendedConfig = getIDFFEntityConfigElement();
            boolean hosted = (extendedConfig != null) && extendedConfig.isHosted();
            if (hosted) {
                // NOTE(review): the realm derived from the meta alias is
                // discarded in both branches, so the entity is created in the
                // realm field even if the meta alias names a different realm.
                // Confirm whether the two should be compared before import.
                IDPDescriptorConfigElement hostedIdp = IDFFMetaUtils.getIDPDescriptorConfig(extendedConfig);
                if (hostedIdp == null) {
                    SPDescriptorConfigElement hostedSp = IDFFMetaUtils.getSPDescriptorConfig(extendedConfig);
                    if (hostedSp != null) {
                        SAML2MetaUtils.getRealmByMetaAlias(hostedSp.getMetaAlias());
                    }
                } else {
                    SAML2MetaUtils.getRealmByMetaAlias(hostedIdp.getMetaAlias());
                }
            }
        }
        // Standard metadata is imported first; the extended configuration is
        // only created afterwards, and only when one was parsed.
        importIDFFMetaData(idffManager);
        if (extendedConfig != null) {
            idffManager.createEntityConfig(realm, extendedConfig);
        }
    } catch (IDFFMetaException e) {
        throw new AMConsoleException(e);
    }
}
Also used : IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)

Example 14 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaManager method isTrustedProvider.

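/**
 * Checks whether two entities are in the same circle of trust.
 *
 * <p>The check fails closed: if the metadata lookup raises an
 * {@code IDFFMetaException}, the error is logged and {@code false} is
 * returned.
 *
 * @param realm The realm under which the entity resides.
 * @param hostedEntityID the hosted entity identifier.
 * @param entityID the identifier of the entity to be checked for trust.
 * @return true if both providers are in the same circle of trust.
 */
public boolean isTrustedProvider(String realm, String hostedEntityID, String entityID) {
    String classMethod = "IDFFMetaManager:isTrustedProvider";
    boolean isTrusted = false;
    try {
        // NOTE(review): both configuration lookups and both
        // isSameCircleOfTrust() calls use entityID; hostedEntityID is read
        // only by the error message below. Confirm that the hosted entity's
        // configuration is not the one that should be consulted here.
        SPDescriptorConfigElement spConfig = getSPDescriptorConfig(realm, entityID);
        if (spConfig != null) {
            isTrusted = isSameCircleOfTrust(spConfig, realm, entityID);
        } else {
            IDPDescriptorConfigElement idpConfig = getIDPDescriptorConfig(realm, entityID);
            if (idpConfig != null) {
                isTrusted = isSameCircleOfTrust(idpConfig, realm, entityID);
            }
        }
    } catch (IDFFMetaException ide) {
        // Log the cause as well, so a failed trust evaluation can be
        // diagnosed from the debug log; the result stays "not trusted".
        debug.error(classMethod + ": Error retrieving trust relationship between "
            + hostedEntityID + " with " + entityID, ide);
    }
    return isTrusted;
}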
Also used : SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)

Example 15 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaManager method getEntityIDBySuccinctID.

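/**
 * Returns entity ID associated with the succinct ID.
 *
 * <p>The succinct-ID cache is consulted first. On a miss, every entity
 * configured in the realm that has an IDP descriptor configuration is
 * scanned, and the cache is populated for each of them along the way.
 *
 * @param realm The realm under which the entity resides; a null or empty
 *        value selects the root realm.
 * @param succinctId Succinct ID of a IDP contained in the entity
 *        to be retrieved.
 * @return Entity ID associated with the succinct ID, or null if could
 *          not be found.
 * @throws IDFFMetaException if unable to retrieve the entity ID.
 */
public String getEntityIDBySuccinctID(String realm, String succinctId) throws IDFFMetaException {
    try {
        if (succinctId == null || succinctId.length() == 0) {
            return null;
        }
        // check cache first
        // NOTE(review): this lookup is keyed by succinct ID alone, so a hit
        // is returned without regard to the realm argument. Confirm that
        // callers do not rely on this method for realm isolation.
        String entityId = IDFFMetaCache.getEntityBySuccinctID(succinctId);
        if (entityId != null) {
            if (debug.messageEnabled()) {
                debug.message("IDFFMetaManager.getEntityIDBySuccinctID :" + " found entity in cache, succinctId=" + succinctId + ", ID=" + entityId);
            }
            return entityId;
        }
        if ((realm == null) || (realm.length() == 0)) {
            realm = ROOT_REALM;
        }
        Set entityIds = idffMetaConfigInstance.getAllConfigurationNames(realm);
        if (entityIds == null || entityIds.isEmpty()) {
            return null;
        }
        for (Iterator iter = entityIds.iterator(); iter.hasNext(); ) {
            String tmpId = (String) iter.next();
            if (debug.messageEnabled()) {
                debug.message("IDFFMetaManager.getEntityIDBySuccinctID :" + " process entity cache for succinctID=" + succinctId + ", ID=" + tmpId);
            }
            IDPDescriptorConfigElement idpconfig = getIDPDescriptorConfig(realm, tmpId);
            if (idpconfig != null) {
                String tmpSuccinctId = FSUtils.generateSourceID(tmpId);
                if (tmpSuccinctId == null) {
                    // No succinct ID could be derived for this entity. Skip
                    // it so no mapping is cached under a null key.
                    continue;
                }
                if (succinctId.equals(tmpSuccinctId)) {
                    // remember this and continue to process others, so the
                    // cache is filled for every IDP in the realm; if several
                    // entities match, the last one scanned is returned.
                    entityId = tmpId;
                }
                IDFFMetaCache.setEntitySuccinctIDMapping(tmpSuccinctId, tmpId);
                if (debug.messageEnabled()) {
                    debug.message("IDFFMetaManager.getEntityBySuccinctID" + ": update cache, succinctId=" + tmpSuccinctId + ", entity ID=" + tmpId);
                }
            }
        }
        return entityId;
    } catch (ConfigurationException e) {
        debug.error("IDFFMetaManager.getEntityIDBySuccinctID:", e);
        throw new IDFFMetaException(e);
    }
}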
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) Iterator(java.util.Iterator) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)

Aggregations

IDPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)16 SPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)8 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)8 IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)8 Iterator (java.util.Iterator)6 List (java.util.List)5 Map (java.util.Map)4 Set (java.util.Set)4 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)3 EntityConfigElement (com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)3 ArrayList (java.util.ArrayList)3 HashSet (java.util.HashSet)3 CLIException (com.sun.identity.cli.CLIException)2 CircleOfTrustManager (com.sun.identity.cot.CircleOfTrustManager)2 ConfigurationException (com.sun.identity.plugin.configuration.ConfigurationException)2 Attribute (com.sun.identity.saml.assertion.Attribute)2 AttributeStatement (com.sun.identity.saml.assertion.AttributeStatement)2 SAMLException (com.sun.identity.saml.common.SAMLException)2 HashMap (java.util.HashMap)2 COTException (com.sun.identity.cot.COTException)1