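/**
 * Determines the local user that a name registration request received from
 * a remote provider refers to, and prepares the replacement federation
 * record for that user.
 * <p>
 * On success {@code userID}, {@code acctInfo}, {@code newAcctInfo} and
 * {@code newAcctKey} are set. Lookups are keyed by an opaque handle and a
 * namespace taken from the request's name identifiers (falling back to the
 * hosted entity ID); when an old identifier is present several candidate
 * keys are tried in turn.
 *
 * @param regisRequest the name registration request; its identifiers are
 *        remote-supplied input and any of them may be absent.
 * @return <code>true</code> if a user is found and its federation record
 *         could be read; <code>false</code> otherwise.
 */
public boolean setUserDN(FSNameRegistrationRequest regisRequest) {
    try {
        /*
         * UserDN needs to be figured from registration request
         * 1. If OldNameIdentifier does not exist then its from SP to IdP
         *    (first time)
         * 2. If OldNameIdentifier exist then we could be SP, IdP
         *    Need to find out whether to replace with SPNI or IDPNI based on
         *    acctFedInfo that is retrieved based on OldNameIdentifier or
         *    IdpNameIdentifier
         *    If isIDP true then remote is IdP so replace remoteIdentifier
         *    with IDPNameIdentifier.
         *    If isIDP false then remote is SP so replace remoteIdentifier
         *    with SPNameIdentifier
         */
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("remoteEntityId : " + remoteEntityId);
        }
        Map env = new HashMap();
        env.put(IFSConstants.FS_USER_PROVIDER_ENV_REGISTRATION_KEY, regisRequest);
        OldProvidedNameIdentifier oldNameIdentifier = regisRequest.getOldProvidedNameIdentifier();
        IDPProvidedNameIdentifier idpNameIdentifier = regisRequest.getIDPProvidedNameIdentifier();
        SPProvidedNameIdentifier spNameIdentifier = regisRequest.getSPProvidedNameIdentifier();
        // Nearly every path below dereferences the IDP-provided identifier.
        // The request is remote input, so treat its absence as "no user"
        // instead of letting a NullPointerException escape to the caller.
        if (idpNameIdentifier == null) {
            FSUtils.debug.error("FSNameRegistrationHandler.setUserDN: IDPProvidedNameIdentifier is missing");
            this.userID = null;
            return false;
        }
        if (oldNameIdentifier == null) {
            // Case 1 of the comment above: first registration, SP to IdP.
            FSUtils.debug.message("oldProvidedNameIdentifier is null :");
            String opaqueHandle = idpNameIdentifier.getName();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("processRegistrationRequest IdPName : " + opaqueHandle);
                FSUtils.debug.message("Realm : " + realm);
            }
            // The remote-supplied qualifier becomes the lookup namespace unless it
            // is empty or names the remote provider itself.
            // NOTE(review): this branch compares the qualifier with remoteEntityId
            // while the old-identifier branch compares with hostedEntityId; confirm
            // that asymmetry is intended.
            String searchDomain = hostedEntityId;
            String nameQualifier = idpNameIdentifier.getNameQualifier();
            if (nameQualifier != null && nameQualifier.length() != 0 && !nameQualifier.equals(remoteEntityId)) {
                searchDomain = nameQualifier;
            }
            FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            if (FSUtils.debug.messageEnabled()) {
                // Log the namespace that is actually searched.
                FSUtils.debug.message("Search based on:" + searchDomain + " " + opaqueHandle);
            }
            this.userID = managerInst.getUserID(acctkey, realm, env);
            if (this.userID == null) {
                FSUtils.debug.message("UserID is null");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("user id is " + userID);
            }
            try {
                acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.message("Failed to read account information", e);
                return false;
            }
            // readAccountFedInfo may return null (see the null checks in the
            // other branch); the affiliation copy below needs a record.
            if (acctInfo == null) {
                FSUtils.debug.message("No account federation info found for user");
                return false;
            }
            newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, false);
            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
            newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
            return true;
        } else {
            // Case 2 of the comment above: an existing federation is being
            // re-registered; we may be either the SP or the IdP.
            FSUtils.debug.message("oldProvidedNameIdentifier not null");
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Realm : " + realm);
            }
            String opaqueHandle;
            String nameQualifier;
            boolean isSPEmpty = false;
            String searchDomain = hostedEntityId;
            // Prefer the SP-provided identifier unless it is absent or merely
            // repeats the old identifier.
            if (spNameIdentifier != null && !spNameIdentifier.equals(oldNameIdentifier)) {
                opaqueHandle = spNameIdentifier.getName();
                nameQualifier = spNameIdentifier.getNameQualifier();
            } else {
                isSPEmpty = true;
                opaqueHandle = idpNameIdentifier.getName();
                nameQualifier = idpNameIdentifier.getNameQualifier();
            }
            if (nameQualifier != null && nameQualifier.length() != 0 && !nameQualifier.equals(hostedEntityId)) {
                searchDomain = nameQualifier;
            }
            FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
            }
            this.userID = managerInst.getUserID(acctkey, realm, env);
            if (this.userID == null) {
                // Step 3: retry with the IDP-provided identifier under its qualifier.
                FSUtils.debug.message("UserID is null in step 3");
                opaqueHandle = idpNameIdentifier.getName();
                nameQualifier = idpNameIdentifier.getNameQualifier();
                if (nameQualifier != null && nameQualifier.length() != 0 && !nameQualifier.equals(hostedEntityId)) {
                    searchDomain = nameQualifier;
                }
                acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
                }
                this.userID = managerInst.getUserID(acctkey, realm, env);
                if (this.userID == null) {
                    // Retry the IDP-provided handle under the hosted entity ID.
                    opaqueHandle = idpNameIdentifier.getName();
                    searchDomain = hostedEntityId;
                    acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
                    this.userID = managerInst.getUserID(acctkey, realm, env);
                    if (this.userID == null) {
                        // Step 4: last resort, the old identifier under its own
                        // qualifier (skipped when that qualifier is empty).
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("UserID is null in " + "step 4");
                        }
                        opaqueHandle = oldNameIdentifier.getName();
                        searchDomain = oldNameIdentifier.getNameQualifier();
                        if ((searchDomain != null) && (searchDomain.length() != 0)) {
                            acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
                            }
                            this.userID = managerInst.getUserID(acctkey, realm, env);
                        }
                    }
                    if (this.userID == null) {
                        return false;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Found user : " + userID);
                    }
                    acctInfo = readActiveOrFallbackFedInfo(searchDomain, opaqueHandle);
                    if (acctInfo == null) {
                        FSUtils.debug.message("No account federation info found for user");
                        return false;
                    }
                    if (acctInfo.isRoleIDP()) {
                        if (isSPEmpty) {
                            // set spNI to null since is empty
                            newAcctInfo = new FSAccountFedInfo(remoteEntityId, null, idpNameIdentifier, acctInfo.isRoleIDP());
                            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                            newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
                        } else {
                            newAcctInfo = new FSAccountFedInfo(remoteEntityId, spNameIdentifier, idpNameIdentifier, acctInfo.isRoleIDP());
                            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                            newAcctKey = new FSAccountFedInfoKey(searchDomain, spNameIdentifier.getName());
                        }
                    } else {
                        newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, acctInfo.isRoleIDP());
                        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                        newAcctKey = new FSAccountFedInfoKey(hostedEntityId, idpNameIdentifier.getName());
                    }
                } else {
                    // Found in step 3: the remote side is treated as the SP.
                    acctInfo = readActiveOrFallbackFedInfo(searchDomain, opaqueHandle);
                    if (acctInfo == null) {
                        FSUtils.debug.message("No account federation info found for user");
                        return false;
                    }
                    newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, false);
                    newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                    newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
                }
            } else {
                // Found on the first lookup.
                acctInfo = readActiveOrFallbackFedInfo(searchDomain, opaqueHandle);
                if (acctInfo == null) {
                    FSUtils.debug.message("No account federation info found for user");
                    return false;
                }
                if (acctInfo.isRoleIDP()) {
                    if (isSPEmpty) {
                        // set spNI to null since is empty
                        newAcctInfo = new FSAccountFedInfo(remoteEntityId, null, idpNameIdentifier, acctInfo.isRoleIDP());
                        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                        newAcctKey = new FSAccountFedInfoKey(remoteEntityId, idpNameIdentifier.getName());
                    } else {
                        newAcctInfo = new FSAccountFedInfo(remoteEntityId, spNameIdentifier, idpNameIdentifier, acctInfo.isRoleIDP());
                        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                        newAcctKey = new FSAccountFedInfoKey(hostedEntityId, spNameIdentifier.getName());
                    }
                } else {
                    newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, acctInfo.isRoleIDP());
                    newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                    newAcctKey = new FSAccountFedInfoKey(hostedEntityId, idpNameIdentifier.getName());
                }
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("user id is " + userID);
        }
        return true;
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("In FSNameRegistrationHandler::setUserID: ", e);
    }
    this.userID = null;
    return false;
}

/**
 * Reads the federation record of {@code userID} stored under
 * {@code searchDomain}; when none exists or it is not active, falls back to
 * the record stored under the remote entity ID.
 *
 * @param searchDomain namespace of the first lookup
 * @param opaqueHandle the name identifier's opaque handle
 * @return the record found, or {@code null} if neither lookup returned one
 * @throws FSAccountMgmtException if the account manager fails
 */
private FSAccountFedInfo readActiveOrFallbackFedInfo(String searchDomain, String opaqueHandle)
        throws FSAccountMgmtException {
    FSAccountFedInfo info = managerInst.readAccountFedInfo(userID, searchDomain, opaqueHandle);
    if (info == null || !info.isFedStatusActive()) {
        info = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
    }
    return info;
}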
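/**
 * Generates the Name Registration request that this provider sends to the
 * remote provider for the federation described by {@code acctInfo}.
 * <p>
 * When the remote provider is the IdP ({@code acctInfo.isRoleIDP()}) a new
 * SP-provided identifier is generated; otherwise a new IDP-provided
 * identifier is generated. As a side effect, {@code oldAcctKey} is set and
 * {@code returnMap} is filled with the user ID, the old and new account keys,
 * the new account info, the registration source and the return URL.
 *
 * @param acctInfo the existing federation record for the user
 * @return the populated request, or {@code null} if it could not be built
 *         (a SAML component or account key could not be created, or the
 *         record lacks an identifier this method needs)
 */
private FSNameRegistrationRequest createNameRegistrationRequest(FSAccountFedInfo acctInfo) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSNameRegistrationHandler:: " + "createNameRegistrationRequest");
        }
        FSNameRegistrationRequest reqName = new FSNameRegistrationRequest();
        reqName.setProviderId(hostedEntityId);
        if (acctInfo.isRoleIDP()) {
            // Remote is the IdP: we act as SP and mint a new SP name identifier.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("calling of generateNameIdentifier Role : IdP ? " + acctInfo.isRoleIDP());
            }
            NameIdentifier nameIdentifier = generateNameIdentifier();
            if (acctInfo.getAffiliation()) {
                String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
                if (affiliationID != null) {
                    nameIdentifier.setNameQualifier(affiliationID);
                }
            } else {
                nameIdentifier.setNameQualifier(hostedEntityId);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("out of generateNameIdentifier ****" + "\nNew SP nameIdentifier Qualifier: " + nameIdentifier.getNameQualifier() + "\nNew SP nameIdentifier Name :" + nameIdentifier.getName());
            }
            SPProvidedNameIdentifier newNameIdenifier = new SPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
            NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
            NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
            // The IdP-side handle is mandatory for this request; fail cleanly
            // instead of dereferencing null.
            if (remoteIdentifier == null) {
                FSUtils.debug.error("FSNameRegistrationHandler.createNameRegistrationRequest: remote name identifier is missing");
                return null;
            }
            reqName.setIDPProvidedNameIdentifier(new IDPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
            reqName.setSPProvidedNameIdentifier(newNameIdenifier);
            // When the Service Provider sends the name registration request
            // for the first time there is no local identifier yet, and the
            // OldProvidedNameIdentifier is the same as the
            // IDPProvidedNameIdentifier as per the spec.
            NameIdentifier oldSource = (localIdentifier != null) ? localIdentifier : remoteIdentifier;
            reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(oldSource.getName(), oldSource.getNameQualifier(), oldSource.getFormat()));
            try {
                oldAcctKey = new FSAccountFedInfoKey(oldSource.getNameQualifier(), oldSource.getName());
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.message("Could not build old account key", e);
                oldAcctKey = null;
            }
            try {
                FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
                FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
                tmpInfo.setAffiliation(acctInfo.getAffiliation());
                returnMap.put("userID", userID);
                returnMap.put("OldAccountKey", oldAcctKey);
                if (oldAcctKey != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier : " + oldAcctKey.getNameSpace());
                    }
                } else {
                    FSUtils.debug.message("OldAccount Key is null");
                }
                returnMap.put("AccountKey", tmpKey);
                returnMap.put("AccountInfo", tmpInfo);
                returnMap.put("RegisSource", regisSource);
                returnMap.put(IFSConstants.LRURL, returnURL);
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.error("FSNameRegistrationHandler.createNameRegistrationRequest: cannot build account key", e);
                return null;
            }
        } else {
            // Remote is the SP: we act as IdP and mint a new IdP name identifier.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("calling of generateNameIdentifier Role : IdP ? " + acctInfo.isRoleIDP());
            }
            NameIdentifier nameIdentifier = generateNameIdentifier();
            if (acctInfo.getAffiliation()) {
                String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
                if (affiliationID != null) {
                    nameIdentifier.setNameQualifier(affiliationID);
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("New IDP nameIdentifier Name : " + nameIdentifier.getName() + "\nNew IDP nameIdentifier Qualifier :" + nameIdentifier.getNameQualifier() + "out of generateNameIdentifier*****");
            }
            IDPProvidedNameIdentifier newNameIdenifier = new IDPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
            // SP-provided handle (may be absent).
            NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
            // IdP-provided handle; it is the old identifier being replaced.
            NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
            if (localIdentifier == null) {
                FSUtils.debug.error("FSNameRegistrationHandler.createNameRegistrationRequest: local name identifier is missing");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Old IDP nameIdentifier Name : " + localIdentifier.getName() + "\nOld IDP nameIdentifier Qualifier :" + localIdentifier.getNameQualifier());
            }
            FSUtils.debug.message("To set OldProvidedNameIdentifier");
            reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
            FSUtils.debug.message("To set IdpProvidedNameIdentifier");
            reqName.setIDPProvidedNameIdentifier(newNameIdenifier);
            if (remoteIdentifier != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("SP nameIdentifier Name : " + remoteIdentifier.getName() + "SP nameIdentifier Qualifier :" + remoteIdentifier.getNameQualifier());
                }
                SPProvidedNameIdentifier spNameIdentifier = new SPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat());
                reqName.setSPProvidedNameIdentifier(spNameIdentifier);
            }
            try {
                oldAcctKey = new FSAccountFedInfoKey(hostedEntityId, localIdentifier.getName());
                FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
                // NOTE(review): unlike the SP-side branch, the affiliation flag
                // is not copied onto tmpInfo here; confirm whether that is
                // deliberate.
                FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
                returnMap.put("userID", userID);
                returnMap.put("OldAccountKey", oldAcctKey);
                returnMap.put("AccountKey", tmpKey);
                returnMap.put("AccountInfo", tmpInfo);
                returnMap.put("RegisSource", regisSource);
                returnMap.put(IFSConstants.LRURL, returnURL);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier: " + oldAcctKey.getNameSpace());
                }
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.error("FSNameRegistrationHandler.createNameRegistrationRequest: cannot build account key", e);
                return null;
            }
        }
        reqName.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
        return reqName;
    } catch (SAMLException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("got SAMLException:", e);
        }
    }
    return null;
}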
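/**
 * Builds the ID-FF authentication assertion that the CDC servlet returns
 * for a cross-domain SSO request.
 * <p>
 * The subject's name identifier is the URL-encoded session token ID
 * qualified by {@code sourceID}; the same identifier serves as the SP handle
 * and the IDP-provided handle, with bearer subject confirmation. The
 * assertion is valid from now for the default assertion timeout (never less
 * than {@code ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE}) and is audience
 * restricted to {@code destID} when that is non-empty.
 * <p>
 * NOTE(review): because the session token ID is carried in the subject, the
 * debug messages that print the statement/assertion XML, and possibly the
 * access-log entry, expose that token; keep debug logging off in production
 * and restrict access to the logs.
 *
 * @param destID       entity ID of the requesting provider (audience)
 * @param sourceID     this provider's ID; used as issuer and name qualifier
 * @param tokenID      the user's session token ID; becomes the subject name
 * @param authType     authentication method recorded in the statement
 * @param strAuthInst  authentication instant, parsed by
 *                     {@code convertAuthInstanceToDate}
 * @param userDN       the user's DN; only validated for null here
 * @param inResponseTo ID of the request this assertion answers
 * @return the populated assertion
 * @throws FSException   if any argument is {@code null}
 * @throws SAMLException if a SAML component cannot be constructed
 */
private FSAssertion createAssertion(String destID, String sourceID, String tokenID, String authType, String strAuthInst, String userDN, String inResponseTo) throws FSException, SAMLException {
    debug.message("Entering CDCServlet.createAssertion Method");
    if ((destID == null) || (sourceID == null) || (tokenID == null) || (authType == null) || (userDN == null) || (inResponseTo == null)) {
        debug.message("CDCServlet,createAssertion: null input");
        throw new FSException(FSUtils.bundle.getString("nullInput"));
    }
    String securityDomain = sourceID;
    NameIdentifier idpHandle = new NameIdentifier(URLEncDec.encode(tokenID), sourceID);
    NameIdentifier spHandle = idpHandle;
    String authMethod = authType;
    Date authInstant = convertAuthInstanceToDate(strAuthInst);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion " + "Creating Authentication Assertion for user with opaqueHandle =" + spHandle.getName() + " and SecurityDomain = " + securityDomain);
    }
    SubjectConfirmation subConfirmation = new SubjectConfirmation(IFSConstants.CONFIRMATION_METHOD_BEARER);
    IDPProvidedNameIdentifier idpNi = new IDPProvidedNameIdentifier(idpHandle.getNameQualifier(), idpHandle.getName());
    FSSubject sub = new FSSubject(spHandle, subConfirmation, idpNi);
    SubjectLocality authLocality = new SubjectLocality(IPAddress, DNSAddress);
    AuthnContext authnContextStmt = new AuthnContext(null, null);
    FSAuthenticationStatement statement = new FSAuthenticationStatement(authMethod, authInstant, sub, authLocality, null, authnContextStmt);
    // setReauthenticateOnOrAfter date
    Date issueInstant = new Date();
    // TODO: get this period from the config; the default is used for now.
    // Multiply in long arithmetic so a large timeout cannot overflow an int
    // before the widening conversion.
    long period = Integer.valueOf(IFSConstants.ASSERTION_TIMEOUT_DEFAULT).longValue() * 1000L;
    if (period < IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE) {
        period = IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE;
    }
    Date notAfter = new Date(issueInstant.getTime() + period);
    statement.setReauthenticateOnOrAfter(notAfter);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion: " + "Authentication Statement: " + statement.toXMLString());
    }
    Conditions cond = new Conditions(issueInstant, notAfter);
    // destID is already known to be non-null; only skip the audience
    // restriction when it is empty.
    if (destID.length() != 0) {
        List targets = new ArrayList(1);
        targets.add(destID);
        cond.addAudienceRestrictionCondition(new AudienceRestrictionCondition(targets));
    }
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion: " + "Condition: " + cond.toString());
    }
    AssertionIDReference aID = new AssertionIDReference();
    Set statements = new HashSet(2);
    statements.add(statement);
    FSAssertion assertion = new FSAssertion(aID.getAssertionIDReference(), sourceID, issueInstant, cond, statements, inResponseTo);
    assertion.setID(aID.getAssertionIDReference());
    String[] params = { FSUtils.bundle.getString("assertionCreated") + ":" + assertion.toString() };
    LogUtil.access(Level.INFO, "CREATE_ASSERTION", params);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion:" + " Returning Assertion: " + assertion.toXMLString());
    }
    return assertion;
}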
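/**
 * Generates the security credential (a SAML security assertion) that lets a
 * web service client use the resource described by {@code current}, and
 * appends it to {@code credentials}.
 * <p>
 * The invocator's session subject is first adjusted for the target
 * provider: an encrypted name identifier is decrypted with the discovery
 * service's key, optionally replaced through the configured
 * {@code NameIdentifierMapper}, and otherwise re-encrypted when name ID
 * encryption is enabled for the target provider. A bearer token is issued
 * when the BEARER directive is set together with AUTHN, AUTHO or SESSION;
 * without BEARER an authorization token is issued, using the WSC's signing
 * key alias when its provider ID is known and otherwise the certificate
 * taken from the message.
 *
 * @param dirs         directive flags (BEARER, AUTHN, AUTHO, SESSION)
 * @param current      the resource offering being granted
 * @param message      the incoming discovery message; its provider header,
 *                     assertion and certificates may be read
 * @param userDN       the user's DN; used as the sender identity when no
 *                     provider ID is available and passed to the mapper
 * @param credentials  list the generated assertion is added to
 * @param invoSession  the invocator's session context, or {@code null} to
 *                     derive it from the message's assertion
 * @param wscID        provider ID of the web service client; when
 *                     {@code null} or empty the message's provider header
 *                     is consulted
 * @param token        token used to create the {@code SecurityTokenManager}
 * @return the generated assertion's ID, or {@code null} if no credential
 *         could be generated
 */
private static String generateCredential(BitSet dirs, ResourceOffering current, Message message, String userDN, List credentials, SessionContext invoSession, String wscID, Object token) {
    SecurityAssertion assertion = null;
    try {
        SecurityTokenManager secuMgr = new SecurityTokenManager(token);
        NameIdentifier senderIdentity = null;
        String providerID = wscID;
        if ((providerID == null) || (providerID.length() == 0)) {
            ProviderHeader ph = message.getProviderHeader();
            if (ph != null) {
                providerID = ph.getProviderID();
            }
        }
        SessionContext invocatorSession = invoSession;
        if (invocatorSession == null) {
            invocatorSession = getSessionContext(message.getAssertion());
        }
        String tproviderID = current.getServiceInstance().getProviderID();
        if (invocatorSession != null) {
            try {
                ProviderManager pm = ProviderUtil.getProviderManager();
                SessionSubject sub = invocatorSession.getSessionSubject();
                NameIdentifier ni = sub.getNameIdentifier();
                if ((ni.getFormat() != null) && (ni.getFormat().equals("urn:liberty:iff:nameid:encrypted"))) {
                    ni = EncryptedNameIdentifier.getDecryptedNameIdentifier(ni, pm.getDecryptionKey(DiscoServiceManager.getDiscoProviderID()));
                }
                NameIdentifier newNi = null;
                NameIdentifierMapper niMapper = DiscoServiceManager.getNameIdentifierMapper();
                if (niMapper != null) {
                    String discoEntityID = DiscoServiceManager.getDiscoProviderID();
                    newNi = niMapper.getNameIdentifier(tproviderID, discoEntityID, ni, userDN);
                }
                if ((newNi != null) && !newNi.equals(ni)) {
                    sub.setNameIdentifier(newNi);
                    // modify IDPProvidedNameIdentifier, this should be
                    // a EncryptedIDPProvidedNameIdentifier, but not
                    // defined by specification.
                    // Or set this to null once we make it optional
                    // in SessionSubject class implementation
                    IDPProvidedNameIdentifier idpNi = sub.getIDPProvidedNameIdentifier();
                    if (idpNi != null) {
                        IDPProvidedNameIdentifier newIdpNi = new IDPProvidedNameIdentifier(newNi.getName(), newNi.getNameQualifier(), newNi.getFormat());
                        sub.setIDPProvidedNameIdentifier(newIdpNi);
                    }
                } else if (pm.isNameIDEncryptionEnabled(tproviderID)) {
                    sub.setNameIdentifier(EncryptedNameIdentifier.getEncryptedNameIdentifier(ni, tproviderID, pm.getEncryptionKey(tproviderID), pm.getEncryptionKeyAlgorithm(tproviderID), pm.getEncryptionKeyStrength(tproviderID)));
                } else {
                    sub.setNameIdentifier(ni);
                }
                invocatorSession.setSessionSubject(sub);
            } catch (Exception ex) {
                // Log under this method's name (the original said handleDirective).
                debug.error("DiscoUtils.generateCredential: En/Decryption" + " Exception:", ex);
                return null;
            }
        }
        // Prefer the encrypted resource ID; fall back to the plain one, and
        // to the implied resource when the offering carries neither.
        Object resourceID = current.getEncryptedResourceID();
        if (resourceID == null) {
            resourceID = current.getResourceID();
            if (resourceID == null) {
                resourceID = (String) DiscoConstants.IMPLIED_RESOURCE;
            } else {
                resourceID = ((ResourceID) resourceID).getResourceID();
            }
        }
        if (dirs.get(BEARER)) {
            if (dirs.get(AUTHN) || dirs.get(AUTHO) || dirs.get(SESSION)) {
                if ((providerID != null) && (providerID.length() != 0)) {
                    senderIdentity = new NameIdentifier(providerID, null, DiscoConstants.PROVIDER_ID_FORMAT);
                } else {
                    senderIdentity = new NameIdentifier(userDN);
                }
                if (resourceID instanceof String) {
                    assertion = secuMgr.getSAMLBearerToken(senderIdentity, invocatorSession, (String) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
                } else {
                    assertion = secuMgr.getSAMLBearerToken(senderIdentity, invocatorSession, (EncryptedResourceID) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
                }
            }
        } else {
            boolean haveProviderID = (providerID != null) && (providerID.length() != 0);
            if (haveProviderID) {
                senderIdentity = new NameIdentifier(providerID, null, DiscoConstants.PROVIDER_ID_FORMAT);
            } else {
                senderIdentity = new NameIdentifier(userDN);
            }
            // Use the same "known provider" test as for the sender identity:
            // an empty provider ID must not be looked up as a signing alias.
            if (haveProviderID) {
                secuMgr.setCertAlias(ProviderUtil.getProviderManager().getSigningKeyAlias(providerID));
            } else {
                X509Certificate wscCert = message.getPeerCertificate();
                if (wscCert == null) {
                    wscCert = message.getMessageCertificate();
                    if (wscCert == null) {
                        if (debug.messageEnabled()) {
                            debug.message("DiscoUtils.generateCredential:" + "client cert is null. Cannot generate " + "credential.");
                        }
                        return null;
                    }
                }
                secuMgr.setCertificate(wscCert);
            }
            if (resourceID instanceof String) {
                assertion = secuMgr.getSAMLAuthorizationToken(senderIdentity, invocatorSession, (String) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
            } else {
                assertion = secuMgr.getSAMLAuthorizationToken(senderIdentity, invocatorSession, (EncryptedResourceID) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
            }
        }
    } catch (Exception ex) {
        debug.error("DiscoUtils.generateCredential:" + "cannot generate credential: ", ex);
    }
    if (assertion == null) {
        debug.error("DiscoUtils.generateCredential: " + "cannot generate credential.");
        return null;
    } else {
        credentials.add(assertion);
        return assertion.getAssertionID();
    }
}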
/**
 * Builds a <code>FSNameRegistrationRequest</code> from the query/form
 * parameters of an <code>HttpServletRequest</code> (the URL-encoded
 * binding).
 * <p>
 * <code>MajorVersion</code>, <code>MinorVersion</code>,
 * <code>RequestID</code>, <code>IssueInstant</code> and
 * <code>ProviderID</code> are mandatory. The three name identifiers are
 * optional and only set when their name parameter is non-empty; note that
 * the SP identifier defaults its qualifier and format to the empty string,
 * whereas the IDP and Old identifiers default them to <code>null</code>.
 * <code>RelayState</code> is copied as received.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @return the populated request object.
 * @throws FSMsgException if a mandatory parameter is missing or malformed.
 * @throws SAMLException if a name identifier cannot be constructed.
 */
public static FSNameRegistrationRequest parseURLEncodedRequest(HttpServletRequest request) throws FSMsgException, SAMLException {
    FSNameRegistrationRequest result = new FSNameRegistrationRequest();

    try {
        FSUtils.debug.message("checking minor version");
        result.majorVersion = Integer.parseInt(request.getParameter("MajorVersion"));
        result.minorVersion = Integer.parseInt(request.getParameter("MinorVersion"));
    } catch (NumberFormatException ex) {
        FSUtils.debug.error("FSNameRegistrationRequest.parseURLEncoded" + "Request: Invalid versions", ex);
        throw new FSMsgException("invalidNumber", null);
    }

    FSUtils.debug.message("checking RequestID");
    String requestId = request.getParameter("RequestID");
    if (requestId == null) {
        FSUtils.debug.error("FSNameRegistrationRequest.parseURLEncoded" + "Request: RequestID not found");
        String[] args = { IFSConstants.REQUEST_ID };
        throw new FSMsgException("missingAttribute", args);
    }
    result.requestID = requestId;

    FSUtils.debug.message("checking instantString");
    String instantString = request.getParameter("IssueInstant");
    FSUtils.debug.message("instantString : " + instantString);
    if (instantString == null || instantString.length() == 0) {
        FSUtils.debug.error("FSNameRegistrationRequest.parseURLEncoded" + "Request: IssueInstant not found");
        String[] args = { IFSConstants.ISSUE_INSTANT };
        throw new FSMsgException("missingAttribute", args);
    }
    try {
        FSUtils.debug.message("calling : DateUtils.stringToDate.issueInstant");
        result.issueInstant = DateUtils.stringToDate(instantString);
    } catch (ParseException e) {
        FSUtils.debug.error("FSNameRegistrationRequest.parseURLEncoded" + "Request: Can not parse IssueInstant", e);
        throw new FSMsgException("parseError", null);
    }

    String providerId = request.getParameter("ProviderID");
    if (providerId == null) {
        FSUtils.debug.error("FSNameRegistrationRequest.parseURLEncoded" + "Request: Can not find ProviderID");
        throw new FSMsgException("missingElement", null);
    }
    result.providerId = providerId;

    FSUtils.debug.message("start identifier processing");

    // SP-provided identifier: absent qualifier/format become "".
    String spName = paramOrEmpty(request, "SPProvidedNameIdentifier");
    if (spName.length() > 0) {
        String spNameQualifier = paramOrEmpty(request, "SPNameQualifier");
        String spNameFormat = paramOrEmpty(request, "SPNameFormat");
        result.setSPProvidedNameIdentifier(new SPProvidedNameIdentifier(spName, spNameQualifier, spNameFormat));
    }

    // IDP-provided identifier: absent qualifier/format stay null.
    String idpName = request.getParameter("IDPProvidedNameIdentifier");
    if (idpName != null && idpName.length() > 0) {
        String idpNameQualifier = request.getParameter("IDPNameQualifier");
        String idpNameFormat = request.getParameter("IDPNameFormat");
        result.idpProvidedNameIdentifier = new IDPProvidedNameIdentifier(idpName, idpNameQualifier, idpNameFormat);
    }

    // Old identifier: absent qualifier/format stay null.
    String oldName = request.getParameter("OldProvidedNameIdentifier");
    if (oldName != null && oldName.length() > 0) {
        String oldNameQualifier = request.getParameter("OldNameQualifier");
        String oldNameFormat = request.getParameter("OldNameFormat");
        result.oldProvidedNameIdentifier = new OldProvidedNameIdentifier(oldName, oldNameQualifier, oldNameFormat);
    }

    // NOTE(review): RelayState is stored verbatim; it is expected to be
    // validated against allowed return URLs wherever it is consumed.
    String relayState = request.getParameter("RelayState");
    if (relayState != null) {
        result.relayState = relayState;
    }

    return result;
}

/**
 * Returns the named request parameter, or the empty string when it is absent.
 */
private static String paramOrEmpty(HttpServletRequest request, String name) {
    String value = request.getParameter(name);
    return (value == null) ? "" : value;
}