
Example 6 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaManager method getEntityIDByMetaAlias.

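/**
 * Returns the entity ID associated with the given meta alias.
 *
 * The cache is consulted first. On a miss, every entity configured in the
 * realm derived from the meta alias is scanned, and every non-empty SP or
 * IDP meta alias encountered is written to the cache (not only the one being
 * looked up), so a single miss warms the cache for the whole realm. The scan
 * does not stop at the first match; the last matching entity wins.
 *
 * @param metaAlias The Meta Alias of the provider.
 * @return entity ID associated with the metaAlias or null if not found.
 * @throws IDFFMetaException if unable to retrieve the entity id.
 */
public String getEntityIDByMetaAlias(String metaAlias) throws IDFFMetaException {
    if (metaAlias == null || metaAlias.length() == 0) {
        return null;
    }
    try {
        // check cache first
        String entityId = IDFFMetaCache.getEntityByMetaAlias(metaAlias);
        if (entityId != null) {
            if (debug.messageEnabled()) {
                debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " found entity in cache, metaAlias=" + metaAlias + ", ID=" + entityId);
            }
            return entityId;
        }
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        Set entityIds = idffMetaConfigInstance.getAllConfigurationNames(realm);
        if (entityIds == null || entityIds.isEmpty()) {
            return null;
        }
        for (Iterator iter = entityIds.iterator(); iter.hasNext(); ) {
            String tmpId = (String) iter.next();
            if (debug.messageEnabled()) {
                debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " process entity cache for metaAlias=" + metaAlias + ", ID=" + tmpId);
            }
            // An entity may act as SP and IDP at once; both roles are cached
            // and both are checked against the requested alias.
            SPDescriptorConfigElement spconfig = getSPDescriptorConfig(realm, tmpId);
            if (spconfig != null && cacheProviderMetaAlias(metaAlias, spconfig.getMetaAlias(), tmpId, IFSConstants.SP)) {
                // remember this and continue to process others, so that the
                // remaining aliases of the realm end up in the cache as well
                entityId = tmpId;
            }
            IDPDescriptorConfigElement idpconfig = getIDPDescriptorConfig(realm, tmpId);
            if (idpconfig != null && cacheProviderMetaAlias(metaAlias, idpconfig.getMetaAlias(), tmpId, IFSConstants.IDP)) {
                entityId = tmpId;
            }
        }
        return entityId;
    } catch (ConfigurationException e) {
        debug.error("IDFFMetaManager.getEntityByMetaAlias:", e);
        throw new IDFFMetaException(e);
    }
}

/**
 * Records one provider's meta alias in the cache and reports whether it is
 * the alias being looked up.
 *
 * @param wanted the meta alias the caller is resolving; must not be null.
 * @param tmpMetaAlias the meta alias found on the provider's extended
 *        config; null or empty aliases are neither cached nor matched.
 * @param tmpId the entity ID owning {@code tmpMetaAlias}.
 * @param role the provider role to cache for the alias
 *        ({@code IFSConstants.SP} or {@code IFSConstants.IDP}).
 * @return true if {@code tmpMetaAlias} equals {@code wanted}.
 */
private boolean cacheProviderMetaAlias(String wanted, String tmpMetaAlias, String tmpId, String role) {
    if (tmpMetaAlias == null || tmpMetaAlias.length() == 0) {
        return false;
    }
    IDFFMetaCache.setMetaAliasEntityMapping(tmpMetaAlias, tmpId);
    IDFFMetaCache.setMetaAliasRoleMapping(tmpMetaAlias, role);
    if (debug.messageEnabled()) {
        debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " save to cache, metaAlias=" + tmpMetaAlias + ", ID=" + tmpId + ", role=" + role);
    }
    return wanted.equals(tmpMetaAlias);
}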

Example 7 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class FSDefaultRealmAttributeMapper method getAttributes.

/**
 * Builds the attribute map for the given list of
 * <code>AttributeStatement</code>s.
 *
 * The hosted SP's extended metadata may carry an attribute-name mapping
 * (<code>IFSConstants.SP_ATTRIBUTE_MAP</code>); assertion attribute names
 * present in that mapping are replaced by the mapped name. Attribute names
 * without a mapping entry, and all attributes when no mapping is configured,
 * are passed through under the name supplied in the assertion. Only the first
 * value of each attribute is kept.
 *
 * @param statements list of <code>AttributeStatements</code>s.
 * @param realm The realm under which the entity resides.
 * @param hostEntityId Hosted provider entity id.
 * @param remoteEntityId Remote provider entity id.
 * @param token Single sign-on session token.
 * @return map of attribute values. The  map will have the key as the
 *             attribute name and the map value is the attribute value
 *             that are passed via the single sign-on assertion. Empty (never
 *             null) when there are no statements or the SP configuration
 *             cannot be read.
 */
public Map getAttributes(List statements, String realm, String hostEntityId, String remoteEntityId, Object token) {
    Map result = new HashMap();
    if (statements == null || statements.size() == 0) {
        return result;
    }
    Map nameMapping = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        SPDescriptorConfigElement spConfig = (metaManager == null) ? null : metaManager.getSPDescriptorConfig(realm, hostEntityId);
        if (spConfig != null) {
            Map extended = IDFFMetaUtils.getAttributes(spConfig);
            nameMapping = FSServiceUtils.parseAttributeConfig((List) extended.get(IFSConstants.SP_ATTRIBUTE_MAP));
        }
    } catch (IDFFMetaException fme) {
        // Configuration failure: return an empty map rather than a
        // partially mapped one.
        FSUtils.debug.error("FSDefaultAttributeMapper.getAttributes:" + " Unable to read configuration map.", fme);
        return result;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributeMapper.getAttributeMap: Configured map " + nameMapping);
    }
    // The mapping is not modified below, so its presence is decided once.
    boolean hasMapping = (nameMapping != null) && !nameMapping.isEmpty();
    for (Iterator stmtIter = statements.iterator(); stmtIter.hasNext(); ) {
        List attributes = ((AttributeStatement) stmtIter.next()).getAttribute();
        if (attributes == null || attributes.size() == 0) {
            continue;
        }
        for (Iterator attrIter = attributes.iterator(); attrIter.hasNext(); ) {
            Attribute attribute = (Attribute) attrIter.next();
            List values;
            try {
                values = attribute.getAttributeValue();
            } catch (SAMLException ex) {
                // An unreadable attribute is skipped, not fatal.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultAttributeMapper.get" + "Attributes: Exception", ex);
                }
                continue;
            }
            if (values == null || values.size() == 0) {
                continue;
            }
            String targetName = attribute.getAttributeName();
            if (hasMapping) {
                String mappedName = (String) nameMapping.get(targetName);
                if (mappedName != null && mappedName.length() > 0) {
                    targetName = mappedName;
                }
            }
            // Only the first value is retained; further values are dropped.
            String firstValue = XMLUtils.getElementValue((Element) values.get(0));
            if (firstValue != null && firstValue.length() > 0) {
                result.put(targetName, firstValue);
            }
        }
    }
    return result;
}

Example 8 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaManager method addEntityToCOT.

/**
 * Adds an entity identifier to circle of trust.
 *
 * The IDP role is processed before the SP role; an entity configured for
 * both roles is added once per role. Roles without a descriptor config are
 * skipped.
 *
 * @param realm The realm under which the entity resides in
 * @param entityID the entity identifier.
 * @throws IDFFMetaException if there is an error adding entity to circle
 *         of trust.
 */
private void addEntityToCOT(String realm, String entityID) throws IDFFMetaException {
    IDPDescriptorConfigElement asIdp = getIDPDescriptorConfig(realm, entityID);
    if (asIdp == null) {
        // not an IDP in this realm; nothing to add for that role
    } else {
        addToCircleOfTrust(asIdp, realm, entityID);
    }
    SPDescriptorConfigElement asSp = getSPDescriptorConfig(realm, entityID);
    if (asSp == null) {
        return;
    }
    addToCircleOfTrust(asSp, realm, entityID);
}

Example 9 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaSecurityUtils method updateProviderKeyInfo.

/**
 * Updates signing or encryption key info for SP or IDP.
 * This will update both signing/encryption alias on extended metadata and
 * certificates in standard metadata. Only hosted entities may be updated.
 * Both the entity descriptor and the entity config are written back, so a
 * failure between the two writes can leave them out of step.
 *
 * @param realm Realm the entity resides.
 * @param entityID ID of the entity to be updated.
 * @param certAlias Alias of the certificate to be set to the entity. If
 *        null or empty, will remove existing key information from the SP
 *        or IDP.
 * @param isSigning true if this is signing certificate alias, false if
 *        this is encryption certification alias.
 * @param isIDP true if this is for IDP signing/encryption alias, false
 *        if this is for SP signing/encryption alias
 * @param encAlgo Encryption algorithm URI, this is applicable for
 *        encryption cert only.
 * @param keySize Encryption key size, this is applicable for
 *        encryption cert only.
 * @throws IDFFMetaException if the entity is not hosted, does not have
 *        the requested role, or the metadata cannot be updated.
 */
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws IDFFMetaException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    // NOTE(review): config is dereferenced without a null check; confirm
    // that getEntityConfig never returns null for an unknown entity.
    if (!config.isHosted()) {
        throw new IDFFMetaException("entityNotHosted", new String[] { entityID, realm });
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    // An absent alias means "remove"; otherwise the alias becomes the single
    // value of the signing or encryption alias attribute.
    boolean removeKey = (certAlias == null) || (certAlias.length() == 0);
    String aliasAttr = isSigning ? IFSConstants.SIGNING_CERT_ALIAS : IFSConstants.ENCRYPTION_CERT_ALIAS;
    if (isIDP) {
        IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(config);
        IDPDescriptorType idpDesp = IDFFMetaUtils.getIDPDescriptor(desp);
        if (idpConfig == null || idpDesp == null) {
            throw new IDFFMetaException("entityNotIDP", new String[] { entityID, realm });
        }
        if (removeKey) {
            // standard metadata, then extended metadata
            removeKeyDescriptor(idpDesp, isSigning);
            setExtendedAttributeValue(idpConfig, aliasAttr, null);
        } else {
            updateKeyDescriptor(idpDesp, getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
            Set aliasValue = new HashSet();
            aliasValue.add(certAlias);
            setExtendedAttributeValue(idpConfig, aliasAttr, aliasValue);
        }
    } else {
        SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(config);
        SPDescriptorType spDesp = IDFFMetaUtils.getSPDescriptor(desp);
        if (spConfig == null || spDesp == null) {
            throw new IDFFMetaException("entityNotSP", new String[] { entityID, realm });
        }
        if (removeKey) {
            // standard metadata, then extended metadata
            removeKeyDescriptor(spDesp, isSigning);
            setExtendedAttributeValue(spConfig, aliasAttr, null);
        } else {
            updateKeyDescriptor(spDesp, getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
            Set aliasValue = new HashSet();
            aliasValue.add(certAlias);
            setExtendedAttributeValue(spConfig, aliasAttr, aliasValue);
        }
    }
    // Persist both halves; every non-throwing path above reaches here.
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}

Example 10 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaManager method removeEntityFromCOT.

/**
 * Removes an entity identifier from circle of trust.
 *
 * Each role the entity is configured for (IDP, SP, affiliation) is removed
 * in turn; roles without a descriptor config are skipped.
 *
 * @param realm The realm under which the entity resides.
 * @param entityID the entity identifier.
 * @throws IDFFMetaException if there is an error removing the entity.
 */
private void removeEntityFromCOT(String realm, String entityID) throws IDFFMetaException {
    IDPDescriptorConfigElement asIdp = getIDPDescriptorConfig(realm, entityID);
    if (asIdp != null) {
        removeFromCircleOfTrust(asIdp, realm, entityID);
    }
    SPDescriptorConfigElement asSp = getSPDescriptorConfig(realm, entityID);
    if (asSp != null) {
        removeFromCircleOfTrust(asSp, realm, entityID);
    }
    AffiliationDescriptorConfigElement asAffiliation = getAffiliationDescriptorConfig(realm, entityID);
    if (asAffiliation == null) {
        return;
    }
    removeFromCircleOfTrust(asAffiliation, realm, entityID);
}
