use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class IDFFProviderManager method isNameIDEncryptionEnabled.
/**
* Returns whether the specified provider requires name ID encryption
* or not.
* @param providerID provider ID.
* @return true if the specified provider requires name ID encryption,
* false if it doesn't.
*/
public boolean isNameIDEncryptionEnabled(String providerID) {
EntityConfigElement entityConfig = null;
try {
entityConfig = idffMetaManager.getEntityConfig(ROOT_REALM, providerID);
} catch (IDFFMetaException imex) {
ProviderUtil.debug.error("IDFFProviderManager.isNameIDEncryptionEnabled:", imex);
}
if (entityConfig == null) {
return false;
}
BaseConfigType baseConfig = IDFFMetaUtils.getSPDescriptorConfig(entityConfig);
if (baseConfig == null) {
baseConfig = IDFFMetaUtils.getIDPDescriptorConfig(entityConfig);
if (baseConfig == null) {
return false;
}
}
Map attrMap = IDFFMetaUtils.getAttributes(baseConfig);
if ((attrMap == null) || (attrMap.isEmpty())) {
return false;
}
List values = (List) attrMap.get(IFSConstants.ENABLE_NAMEID_ENCRYPTION);
if ((values == null) || values.isEmpty()) {
return false;
}
return ((String) values.get(0)).equalsIgnoreCase("true");
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSPostLogin method doConsentToIntro.
/**
* Returns the Introduction Writer URL.
*
* @param metaAlias the provider alias.
* @param targetURL the url the writer servlet will redirect to.
* @param cotSelected the name of the Circle fo Trust.
* @return the writer url.
* @exception FSPostLoginException on error.
*/
private String doConsentToIntro(String metaAlias, String targetURL, String cotSelected) throws FSPostLoginException {
String tldURL = null;
try {
if (entityID == null) {
if (metaManager != null) {
entityID = metaManager.getEntityIDByMetaAlias(metaAlias);
}
}
if (realm == null) {
realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
}
CircleOfTrustManager cotManager = new CircleOfTrustManager();
CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotSelected);
if (cotDesc != null && (cotDesc.getCircleOfTrustStatus()).equalsIgnoreCase(IFSConstants.ACTIVE)) {
tldURL = cotDesc.getIDFFWriterServiceURL();
}
} catch (IDFFMetaException metaExp) {
FSUtils.debug.error("FSPostLogin::doConsentToIntro in cot managment expextion:", metaExp);
tldURL = null;
} catch (COTException meta2Exp) {
FSUtils.debug.error("FSPostLogin::doConsentToIntro in cot managment expextion:", meta2Exp);
tldURL = null;
}
String redirectURL = targetURL;
if (tldURL != null && entityID != null) {
redirectURL = new StringBuffer().append(tldURL).append(IFSConstants.QUESTION_MARK).append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(targetURL)).append(IFSConstants.AMPERSAND).append(IFSConstants.PROVIDER_ID_KEY).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(entityID)).toString();
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doConsentToIntro return url" + redirectURL);
}
return redirectURL;
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class CircleOfTrustManager method updateIDFFEntityConfig.
/**
* Updates the IDFF Entity Configuration.
*
* @param realm the realm name.
* @param cotName the circle of trust name.
* @param trustedProviders set of trusted provider names.
* @throws COTException if there is an error updating the configuration.
*/
void updateIDFFEntityConfig(String realm, String cotName, Set trustedProviders) throws COTException {
String classMethod = "COTManager:updateIDFFEntityConfig";
IDFFCOTUtils idffCotUtils = new IDFFCOTUtils(callerSession);
String entityId = null;
if (trustedProviders != null && !trustedProviders.isEmpty()) {
for (Iterator iter = trustedProviders.iterator(); iter.hasNext(); ) {
entityId = (String) iter.next();
try {
idffCotUtils.updateEntityConfig(realm, cotName, entityId);
} catch (IDFFMetaException idfe) {
throw new COTException(idfe);
} catch (JAXBException jbe) {
debug.error(classMethod, jbe);
String[] data = { jbe.getMessage(), cotName, entityId, realm };
LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_CREATE_COT_DESCRIPTOR, data);
throw new COTException(jbe);
}
}
}
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSAssertionManager method createFSAssertion.
/**
* Creates an assertion artifact.
* @param id session ID
* @param artifact assertion artifact
* @param realm the realm under which the entity resides.
* @param spEntityID service provider's entity ID
* @param spHandle service provider issued <code>NameIdentifier</code>
* @param idpHandle identity provider issued <code>NameIdentifier</code>
* @param inResponseTo value to InResponseTo attribute. It's the request ID.
* @param assertionMinorVersion minor version the assertion should use
* @exception FSException,SAMLException if error occurrs
*/
public FSAssertion createFSAssertion(String id, AssertionArtifact artifact, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int assertionMinorVersion) throws FSException, SAMLException {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id): Called");
// check input
if ((id == null) || (spEntityID == null)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertion.");
}
throw new FSException("nullInput", null);
}
String destID = spEntityID;
String authMethod = null;
String authnContextStatementRef = null;
String authnContextClassRef = null;
Date authInstant = null;
String securityDomain = null;
Object token = null;
String univId = null;
SubjectLocality authLocality = null;
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
Map attributes = new HashMap();
if (metaManager != null) {
BaseConfigType idpConfig = null;
try {
idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion: exception while" + " obtaining idp extended meta:", e);
}
idpConfig = null;
}
if (idpConfig != null) {
attributes = IDFFMetaUtils.getAttributes(idpConfig);
}
}
try {
SessionProvider sessionProvider = SessionManager.getProvider();
token = sessionProvider.getSession(id);
String[] strAuthInst = null;
try {
strAuthInst = sessionProvider.getProperty(token, SessionProvider.AUTH_INSTANT);
} catch (UnsupportedOperationException ue) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
}
}
if ((strAuthInst != null) && (strAuthInst.length >= 1)) {
try {
authInstant = DateUtils.stringToDate(strAuthInst[0]);
} catch (ParseException ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager." + "createFSAssertion(id): AuthInstant not found" + "in the Token");
}
}
} else {
authInstant = new java.util.Date();
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):AuthInstant = " + authInstant);
}
try {
String[] strAuthMethod = sessionProvider.getProperty(token, SessionProvider.AUTH_METHOD);
if ((strAuthMethod != null) && (strAuthMethod.length >= 1)) {
authMethod = strAuthMethod[0];
}
} catch (UnsupportedOperationException ue) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
}
}
String assertionIssuer = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_ISSUER);
if (assertionIssuer == null) {
assertionIssuer = SystemConfigurationUtil.getProperty("com.iplanet.am.server.host");
}
try {
String ipAddress = InetAddress.getByName(assertionIssuer).getHostAddress();
authLocality = new SubjectLocality(ipAddress, assertionIssuer);
} catch (UnknownHostException uhe) {
FSUtils.debug.error("FSAssertionManager.constructor: couldn't" + " obtain the localhost's ipaddress:", uhe);
}
try {
FSSession session = sessionManager.getSession(token);
authnContextClassRef = session.getAuthnContext();
authnContextStatementRef = authnContextClassRef;
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion" + "(id): AuthnContextStatement for the token is null" + " Assertion will not contain any " + " AuthenticationStatement");
}
authnContextStatementRef = null;
}
if (authnContextStatementRef != null) {
if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
authMethod = IFSConstants.AC_XML_NS;
} else {
authMethod = IFSConstants.AC_12_XML_NS;
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):" + "AuthnContextStatement used for authenticating the user: " + authnContextStatementRef);
}
univId = sessionProvider.getPrincipalName(token);
securityDomain = hostEntityId;
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + " exception retrieving info from the session: ", e);
throw new FSException("alliance_manager_no_local_descriptor", null, e);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Creating Authentication Assertion for user with" + "opaqueHandle= " + spHandle.getName() + " And SecurityDomain= " + securityDomain);
}
SubjectConfirmation subConfirmation = null;
String artString = null;
if (artifact != null) {
artString = artifact.getAssertionArtifact();
if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
subConfirmation = new SubjectConfirmation(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT);
} else {
subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
}
subConfirmation.setSubjectConfirmationData(artString);
} else {
// set to bearer for POST profile
subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
}
IDPProvidedNameIdentifier idpNi = null;
if (assertionMinorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || assertionMinorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
idpNi = new IDPProvidedNameIdentifier(idpHandle.getName(), idpHandle.getNameQualifier(), spHandle.getFormat());
idpNi.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
} else {
idpNi = new IDPProvidedNameIdentifier(idpHandle.getNameQualifier(), idpHandle.getName());
}
FSSubject sub = new FSSubject(spHandle, subConfirmation, idpNi);
AuthnContext authnContext = new AuthnContext(authnContextClassRef, authnContextStatementRef);
authnContext.setMinorVersion(assertionMinorVersion);
FSAuthenticationStatement statement = new FSAuthenticationStatement(authMethod, authInstant, sub, authLocality, null, authnContext);
FSSession session = sessionManager.getSession(univId, id);
if (session == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id): " + "AssertionManager could not find a valid Session for" + "userId: " + univId + " SessionID: " + id);
}
return null;
}
String sessionIndex = session.getSessionIndex();
if (sessionIndex == null) {
sessionIndex = SAMLUtils.generateID();
session.setSessionIndex(sessionIndex);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id): SessionIndex: " + sessionIndex);
}
statement.setSessionIndex(sessionIndex);
//setReauthenticateOnOrAfter date
Date issueInstant = new Date();
// get this period from the config
FSUtils.debug.message("here before date");
Date notAfter;
if (artifact != null) {
notAfter = new Date(issueInstant.getTime() + artifactTimeout);
} else {
notAfter = new Date(issueInstant.getTime() + assertionTimeout);
}
FSUtils.debug.message("here after date");
statement.setReauthenticateOnOrAfter(notAfter);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
}
Conditions cond = new Conditions(null, notAfter);
if ((destID != null) && (destID.length() != 0)) {
List targets = new ArrayList();
targets.add(destID);
cond.addAudienceRestrictionCondition(new AudienceRestrictionCondition(targets));
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
}
/**
* This is added to create an attribute statement for the bootstrap
* information.
*/
AttributeStatement attribStatement = null;
Advice advice = null;
String generateBootstrapping = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.GENERATE_BOOTSTRAPPING);
if (assertionMinorVersion != IFSConstants.FF_11_ASSERTION_MINOR_VERSION && (generateBootstrapping != null && generateBootstrapping.equals("true"))) {
AuthnContext authContext = new AuthnContext(null, authnContextStatementRef);
authContext.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
try {
FSDiscoveryBootStrap bootStrap = new FSDiscoveryBootStrap(token, authContext, sub, univId, destID, realm);
attribStatement = bootStrap.getBootStrapStatement();
if (bootStrap.hasCredentials()) {
advice = bootStrap.getCredentials();
}
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + "exception when generating bootstrapping resource " + "offering:", e);
}
}
AssertionIDReference aID = new AssertionIDReference();
Set statements = new HashSet();
statements.add(statement);
if (attribStatement != null) {
statements.add(attribStatement);
}
String attributePluginImpl = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ATTRIBUTE_PLUGIN);
if ((attributePluginImpl != null) && (attributePluginImpl.length() != 0)) {
try {
Object pluginClass = Thread.currentThread().getContextClassLoader().loadClass(attributePluginImpl).newInstance();
List attribStatements = null;
if (pluginClass instanceof FSRealmAttributePlugin) {
FSRealmAttributePlugin attributePlugin = (FSRealmAttributePlugin) pluginClass;
attribStatements = attributePlugin.getAttributeStatements(realm, hostEntityId, destID, sub, token);
} else if (pluginClass instanceof FSAttributePlugin) {
FSAttributePlugin attributePlugin = (FSAttributePlugin) pluginClass;
attribStatements = attributePlugin.getAttributeStatements(hostEntityId, destID, sub, token);
}
if ((attribStatements != null) && (attribStatements.size() != 0)) {
Iterator iter = attribStatements.iterator();
while (iter.hasNext()) {
statements.add((AttributeStatement) iter.next());
}
}
} catch (Exception ex) {
FSUtils.debug.error("FSAssertion.createAssertion(id):getAttributePlugin:", ex);
}
}
if (IDFFMetaUtils.isAutoFedEnabled(attributes)) {
AttributeStatement autoFedStatement = FSAttributeStatementHelper.getAutoFedAttributeStatement(realm, hostEntityId, sub, token);
statements.add(autoFedStatement);
}
FSAssertion assertion = new FSAssertion(aID.getAssertionIDReference(), hostEntityId, issueInstant, cond, advice, statements, inResponseTo);
assertion.setMinorVersion(assertionMinorVersion);
assertion.setID(aID.getAssertionIDReference());
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion created successfully: " + assertion.toXMLString());
}
String aIDString = assertion.getAssertionID();
Entry entry = new Entry(assertion, destID, artString, token);
Integer maxNumber = null;
try {
int temp = Integer.parseInt(IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_LIMIT));
maxNumber = new Integer(temp);
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion MAX number configuration not found in " + "FSConfig. Using Default");
}
maxNumber = null;
}
if (maxNumber == null) {
maxNumber = new Integer(IFSConstants.ASSERTION_MAX_NUMBER_DEFAULT);
}
int maxValue = maxNumber.intValue();
if ((maxValue != 0) && (idEntryMap.size() > maxValue)) {
FSUtils.debug.error("FSAssertionManager.createAssertion: " + "reached maxNumber of assertions.");
throw new FSException("errorCreateAssertion", null);
}
Object oldEntry = null;
try {
synchronized (idEntryMap) {
oldEntry = idEntryMap.put(aIDString, entry);
}
if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
idffSvc.setAssertions((long) idEntryMap.size());
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: couldn't add " + "to idEntryMap.", e);
}
throw new FSException("errorCreateAssertion", null);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { assertion.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_ASSERTION, data, token);
} else {
String[] data = { assertion.getAssertionID() };
LogUtil.access(Level.INFO, LogUtil.CREATE_ASSERTION, data, token);
}
if (artString != null) {
try {
synchronized (artIdMap) {
oldEntry = artIdMap.put(artString, aIDString);
}
if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
idffSvc.setArtifacts((long) artIdMap.size());
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: couldn't add " + "artifact to the artIdMap.", e);
}
throw new FSException("errorCreateArtifact", null);
}
if (oldEntry != null) {
artifactTimeoutRunnable.removeElement(aIDString);
}
artifactTimeoutRunnable.addElement(aIDString);
} else {
if (oldEntry != null) {
assertionTimeoutRunnable.removeElement(aIDString);
}
assertionTimeoutRunnable.addElement(aIDString);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Returning Assertion: " + assertion.toXMLString());
}
return assertion;
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSAuthnDecisionHandler method getIDPAuthContextInfo.
private void getIDPAuthContextInfo(String realm, String entityID) {
if (metaManager == null) {
return;
}
try {
IDPDescriptorConfigElement entityConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
if (entityConfig == null) {
return;
}
Map attributes = IDFFMetaUtils.getAttributes(entityConfig);
List mappings = (List) attributes.get(IFSConstants.IDP_AUTHNCONTEXT_MAPPING);
if (mappings != null && !mappings.isEmpty()) {
idpAuthContextMap = new HashMap();
Iterator iter = mappings.iterator();
while (iter.hasNext()) {
String infoString = (String) iter.next();
try {
FSIDPAuthenticationContextInfo info = new FSIDPAuthenticationContextInfo(infoString);
idpAuthContextMap.put(info.getAuthenticationContext(), info);
} catch (FSException fe) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAuthContextHandler.getIDPAuthContextInfo: " + "info is not valid:" + infoString + " ", fe);
}
continue;
}
}
}
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAuthContextHandler.getIDPAuthContextInfo: ", e);
}
}
}
Aggregations