Examples with SPDescriptorConfigElement com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement used on opensource projects

Search in sources :

Example 11 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class FSDefaultSPAdapter method postSSOFederationSuccess.

/**
     * Invokes this method after the successful Single Sign-On or Federation.
     * @param hostedEntityID provider ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param ssoToken user's SSO token
     * @param authnRequest the original authentication request sent from SP 
     * @param authnResponse response from IDP if Browser POST or LECP profile
     *        is used for the request, value will be null if Browser Artifact
     *        profile is used. 
     * @param samlResponse response from IDP if Browser Artifact profile is used
     *        for the request, value will be null if Browser POST or LECP 
     *        profile is used.
     * @exception FederationException if user want to fail the process.
     * @return true if browser redirection happened, false otherwise.
     */
public boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, " + "process " + hostedEntityID);
    }
    // find out if this is a federation request
    boolean isFederation = false;
    if (authnRequest == null) {
        FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
    } else {
        String nameIDPolicy = authnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        if (nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_FEDERATED)) {
            isFederation = true;
        }
    }
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (isFederation && adminToken != null) {
        try {
            // get name Identifier
            String nameId = null;
            List assertions = null;
            String idpEntityId = null;
            if (authnResponse != null) {
                // POST profile
                assertions = authnResponse.getAssertion();
                idpEntityId = authnResponse.getProviderId();
            } else {
                // Artifact profile
                assertions = samlResponse.getAssertion();
            }
            FSAssertion assertion = (FSAssertion) assertions.iterator().next();
            if (idpEntityId == null) {
                idpEntityId = assertion.getIssuer();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpEntityId);
            }
            Iterator stmtIter = assertion.getStatement().iterator();
            while (stmtIter.hasNext()) {
                Statement statement = (Statement) stmtIter.next();
                int stmtType = statement.getStatementType();
                if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
                    FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
                    FSSubject subject = (FSSubject) authStatement.getSubject();
                    NameIdentifier ni = subject.getIDPProvidedNameIdentifier();
                    if (ni == null) {
                        ni = subject.getNameIdentifier();
                    }
                    if (ni != null) {
                        nameId = ni.getName();
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: " + "found name id =" + nameId);
                    }
                    break;
                }
            }
            if (nameId == null) {
                FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
                return false;
            }
            Map map = new HashMap();
            Set set = new HashSet();
            set.add("|" + hostedEntityID + "|" + nameId + "|");
            map.put("iplanet-am-user-federation-info-key", set);
            AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, ((SSOToken) ssoToken).getProperty(ISAuthConstants.ORGANIZATION));
            IdSearchControl searchControl = new IdSearchControl();
            searchControl.setTimeOut(0);
            searchControl.setMaxResults(0);
            searchControl.setAllReturnAttributes(false);
            searchControl.setSearchModifiers(IdSearchOpModifier.AND, map);
            IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, "*", searchControl);
            Set amIdSet = searchResults.getSearchResults();
            if (amIdSet.size() > 1) {
                String univId = ((SSOToken) ssoToken).getProperty(Constants.UNIVERSAL_IDENTIFIER);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: found " + amIdSet.size() + " federation with same ID as " + univId);
                }
                String metaAlias = null;
                try {
                    IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
                    if (metaManager != null) {
                        SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
                        if (spConfig != null) {
                            metaAlias = spConfig.getMetaAlias();
                        }
                    }
                } catch (IDFFMetaException ie) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: " + "couldn't find meta alias:", ie);
                    }
                }
                FSAccountManager accManager = FSAccountManager.getInstance(metaAlias);
                FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedEntityID, nameId);
                // previous federation exists with different users
                Iterator it = amIdSet.iterator();
                while (it.hasNext()) {
                    AMIdentity amId = (AMIdentity) it.next();
                    // compare with the SSO token
                    String tmpUnivId = IdUtils.getUniversalId(amId);
                    if (univId.equalsIgnoreCase(tmpUnivId)) {
                        continue;
                    }
                    // remove federation information for this user
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSucces, " + "remove fed info for user " + tmpUnivId);
                    }
                    accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey, idpEntityId);
                }
            }
        } catch (FSAccountMgmtException f) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
        } catch (IdRepoException i) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
        } catch (SSOException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
        }
    }
    return false;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) FSSubject(com.sun.identity.federation.message.FSSubject) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) HashMap(java.util.HashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) SSOException(com.iplanet.sso.SSOException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager) FSAssertion(com.sun.identity.federation.message.FSAssertion) Iterator(java.util.Iterator) IdSearchControl(com.sun.identity.idm.IdSearchControl) List(java.util.List) HashSet(java.util.HashSet) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) Statement(com.sun.identity.saml.assertion.Statement) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IdRepoException(com.sun.identity.idm.IdRepoException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) Map(java.util.Map) HashMap(java.util.HashMap)

Example 12 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class ImportEntityModelImpl method createIDFFEntity.

private void createIDFFEntity() throws AMConsoleException {
    try {
        IDFFMetaManager metaManager = new IDFFMetaManager(null);
        com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement configElt = null;
        if (extendedMetaData != null) {
            configElt = getIDFFEntityConfigElement();
            if ((configElt != null) && configElt.isHosted()) {
                IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(configElt);
                if (idpConfig != null) {
                    SAML2MetaUtils.getRealmByMetaAlias(idpConfig.getMetaAlias());
                } else {
                    SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(configElt);
                    if (spConfig != null) {
                        SAML2MetaUtils.getRealmByMetaAlias(spConfig.getMetaAlias());
                    }
                }
            }
        }
        importIDFFMetaData(metaManager);
        if (configElt != null) {
            metaManager.createEntityConfig(realm, configElt);
        }
    } catch (IDFFMetaException e) {
        throw new AMConsoleException(e);
    }
}
Also used : IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)

Example 13 with SPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.

the class IDFFMetaManager method isTrustedProvider.

/**
     * Checks whether two entities are in the same circle of trust.
     *
     * @param realm The realm under which the entity resides.
     * @param hostedEntityID the hosted entity identifier.
     * @param entityID the identifier of the entity to be checked for trust.
     * @return true if both providers are in the same circle of trust.
     */
public boolean isTrustedProvider(String realm, String hostedEntityID, String entityID) {
    String classMethod = "IDFFMetaManager:isTrustedProvider";
    boolean isTrusted = false;
    try {
        SPDescriptorConfigElement spConfig = getSPDescriptorConfig(realm, entityID);
        if (spConfig != null) {
            isTrusted = isSameCircleOfTrust(spConfig, realm, entityID);
        } else {
            IDPDescriptorConfigElement idpConfig = getIDPDescriptorConfig(realm, entityID);
            if (idpConfig != null) {
                isTrusted = isSameCircleOfTrust(idpConfig, realm, entityID);
            }
        }
    } catch (IDFFMetaException ide) {
        debug.error(classMethod + "Error retrieving trust relationship" + "between " + hostedEntityID + "with " + entityID);
    }
    return isTrusted;
}
Also used : SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)

Aggregations

SPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)13 IDPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)8 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)8 IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)8 List (java.util.List)5 HashSet (java.util.HashSet)4 Iterator (java.util.Iterator)4 Set (java.util.Set)4 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)3 EntityConfigElement (com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)3 HashMap (java.util.HashMap)3 Map (java.util.Map)3 CLIException (com.sun.identity.cli.CLIException)2 Attribute (com.sun.identity.saml.assertion.Attribute)2 AttributeStatement (com.sun.identity.saml.assertion.AttributeStatement)2 SAMLException (com.sun.identity.saml.common.SAMLException)2 ArrayList (java.util.ArrayList)2 SSOException (com.iplanet.sso.SSOException)1 SSOToken (com.iplanet.sso.SSOToken)1 COTException (com.sun.identity.cot.COTException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial