use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class FSServiceManager method getNameRegistrationHandler.
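/*
 * Returns name registration handler. This method is invoked by the
 * <code>SP</code> at the end of account federation if name registration is
 * turned on.
 * The <code>remoteEntityId</code> passed is that of the <code>IdP</code>
 * with whom registration will be done.
 * The handler is returned only when the remote provider's descriptor can be
 * resolved in <code>realm</code> for the given role; otherwise
 * <code>null</code> is returned (meta manager unavailable, role
 * <code>null</code> or neither <code>IFSConstants.IDP</code> nor
 * <code>IFSConstants.SP</code>, no descriptor for the entity, or an
 * <code>IDFFMetaException</code> during the lookup).
 * @param realm the realm in which the provider resides
 * @param remoteEntityId remote Provider Entity ID.
 * @param remoteProviderRole remote Provider Role.
 * @return <code>FSNameRegistrationHandler</code> the name registration
 * handler, or <code>null</code> if it cannot be initialised
 */
public FSNameRegistrationHandler getNameRegistrationHandler(String realm, String remoteEntityId, String remoteProviderRole) {
    // 'new' never yields null, so the former null check around this whole
    // body (and the trailing fallback return) were dead code and are gone.
    FSNameRegistrationHandler handlerRegistration = new FSNameRegistrationHandler();
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSServiceManager::" + "getNameRegistrationHandler failed to get meta " + "Manager instance");
            }
            return null;
        }
        if (remoteProviderRole == null) {
            return null;
        }
        // Resolve the remote descriptor by the declared role. Any other role
        // value leaves remoteDesc null and no handler is handed out.
        ProviderDescriptorType remoteDesc = null;
        if (remoteProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
        } else if (remoteProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        }
        if (remoteDesc == null) {
            return null;
        }
        handlerRegistration.setRemoteDescriptor(remoteDesc);
        handlerRegistration.setRemoteEntityId(remoteEntityId);
        handlerRegistration.setRealm(realm);
        return handlerRegistration;
    } catch (IDFFMetaException e) {
        // Metadata lookup failed: log at debug level and report "no handler".
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::Failed " + "to get remote descriptor:", e);
        }
        return null;
    }
}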
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFNameIdentifierMapper method getNameIdentifier.
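/**
 * Returns mapped <code>NameIdentifier</code> for specified user.
 * This is used by Discovery Service to generate correct
 * <code>NameIdentifier</code> when creating credentials for remote
 * service provider. A <code>NameIdentifier</code> in encrypted format
 * will be returned if the mapped <code>NameIdentifier</code> is
 * different from the original <code>NameIdentifier</code>, this
 * is to prevent the <code>NameIdentifier</code> to be revealed
 * to a proxy service provider.
 * <p>
 * Resolution order: the original identifier is returned unchanged when
 * <code>spProviderID</code> equals <code>idpProviderID</code> or when the
 * identifier's name qualifier already equals <code>spProviderID</code>;
 * otherwise the federation record for <code>userID</code> and
 * <code>spProviderID</code> is read and its local identifier returned,
 * encrypted with the SP's encryption key when the provider manager has one.
 * @param spProviderID Provider ID of the service provider to which
 * the <code>NameIdentifier</code> needs to be mapped.
 * @param idpProviderID Provider ID of the identifier provider.
 * @param nameId The <code>NameIdentifier</code> needs to be mapped.
 * @param userID The user whose mapped <code>NameIdentifier</code> will
 * be returned. The value is the universal identifier of the user.
 * @return the mapped <code>NameIdentifier</code> for specified user,
 * return null if unable to map the <code>NameIdentifier</code>,
 * return original name identifier if no need to map the
 * <code>NameIdentifier</code>.
 */
public NameIdentifier getNameIdentifier(String spProviderID, String idpProviderID, NameIdentifier nameId, String userID) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IDFFNameIdentifierMapper, enter " + "spProviderID=" + spProviderID + ", idpProviderID=" + idpProviderID + ", userID=" + userID);
            if (nameId != null) {
                FSUtils.debug.message("IDFFNameIdentifierMapper, enter " + "name identifier=" + nameId.toString());
            }
        }
        if ((spProviderID == null) || (idpProviderID == null) || (userID == null)) {
            return null;
        }
        if (spProviderID.equals(idpProviderID)) {
            // same entity, this is for the case of discovery service as IDP
            return nameId;
        }
        if (nameId != null) {
            String nameQualifier = nameId.getNameQualifier();
            if ((nameQualifier != null) && nameQualifier.equals(spProviderID)) {
                // current name id is intended for the spProviderID
                return nameId;
            }
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            // Without the meta manager the IDP's meta alias cannot be resolved,
            // so the identifier cannot be mapped. Previously this dereferenced
            // null and escaped as a NullPointerException.
            FSUtils.debug.message("IDFFNameIdentifierMapper, unable to get meta manager");
            return null;
        }
        // NOTE(review): the IDP config is looked up in the root realm ("/")
        // only; an IDP hosted in a sub-realm would not be found here — confirm.
        // If no config exists for idpProviderID the getMetaAlias() call throws
        // NullPointerException, which none of the catch blocks below handle.
        String metaAlias = metaManager.getIDPDescriptorConfig("/", idpProviderID).getMetaAlias();
        FSAccountManager fsaccountmgr = FSAccountManager.getInstance(metaAlias);
        FSAccountFedInfo accountinfo = fsaccountmgr.readAccountFedInfo(userID, spProviderID);
        if (accountinfo == null) {
            // no federation record for this user/SP pair: nothing to map
            return nameId;
        }
        NameIdentifier ni = accountinfo.getLocalNameIdentifier();
        FSUtils.debug.message("IDFFNameIdentifierMapper : new Ni");
        ProviderManager pm = ProviderUtil.getProviderManager();
        if (pm == null) {
            return ni;
        }
        Key encKey = pm.getEncryptionKey(spProviderID);
        if (encKey == null) {
            // No encryption key configured for the SP: the mapped identifier
            // is handed back in the clear.
            return ni;
        }
        // passed down through a proxy WSC: encrypt for the target SP so the
        // proxy cannot read the mapped identifier
        return EncryptedNameIdentifier.getEncryptedNameIdentifier(ni, spProviderID, encKey, pm.getEncryptionKeyAlgorithm(spProviderID), pm.getEncryptionKeyStrength(spProviderID));
    } catch (FSAccountMgmtException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, account error", e);
    } catch (FSException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, encrypt error", e);
    } catch (IDFFMetaException e) {
        // the provider might not be a IDFF provider, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, meta error", e);
    }
    return null;
}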
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFModelImpl method getEntitySPDescriptor.
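/**
 * Returns a map of an SP entity descriptors key/value pairs.
 * Every value is a <code>Set</code>; attributes absent from the descriptor
 * map to an empty set rather than being left out. For list-valued metadata
 * (protocol profiles, assertion consumer service URLs) only the first
 * element is exposed.
 *
 * @param realm where the entity exists.
 * @param entityName name of entity descriptor.
 * @return map of SP key/value pairs
 * @throws AMConsoleException if the SP standard metadata cannot be read.
 */
public Map getEntitySPDescriptor(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "SP-Standard Metadata" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map map = new HashMap();
    SPDescriptorType pDesc = null;
    try {
        IDFFMetaManager manager = getIDFFMetaManager();
        pDesc = manager.getSPDescriptor(realm, entityName);
        // common attributes
        map.put(ATTR_PROTOCOL_SUPPORT_ENUMERATION, convertListToSet(pDesc.getProtocolSupportEnumeration()));
        //communication URLs
        map.put(ATTR_SOAP_END_POINT, returnEmptySetIfValueIsNull(pDesc.getSoapEndpoint()));
        map.put(ATTR_SINGLE_LOGOUT_SERVICE_URL, returnEmptySetIfValueIsNull(pDesc.getSingleLogoutServiceURL()));
        map.put(ATTR_SINGLE_LOGOUT_SERVICE_RETURN_URL, returnEmptySetIfValueIsNull(pDesc.getSingleLogoutServiceReturnURL()));
        map.put(ATTR_FEDERATION_TERMINATION_SERVICES_URL, returnEmptySetIfValueIsNull(pDesc.getFederationTerminationServiceURL()));
        map.put(ATTR_FEDERATION_TERMINATION_SERVICE_RETURN_URL, returnEmptySetIfValueIsNull(pDesc.getFederationTerminationServiceReturnURL()));
        map.put(ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_URL, returnEmptySetIfValueIsNull(pDesc.getRegisterNameIdentifierServiceURL()));
        map.put(ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_RETURN_URL, returnEmptySetIfValueIsNull(pDesc.getRegisterNameIdentifierServiceReturnURL()));
        // communication profiles: list-valued in the metadata, only the first
        // entry is shown. firstOrNull() tolerates an empty list, whereas get(0)
        // threw IndexOutOfBoundsException, which is not an IDFFMetaException
        // and so escaped the catch below without the failure being logged.
        map.put(ATTR_FEDERATION_TERMINATION_NOTIFICATION_PROTOCOL_PROFILE, returnEmptySetIfValueIsNull((String) firstOrNull(pDesc.getFederationTerminationNotificationProtocolProfile())));
        map.put(ATTR_SINGLE_LOGOUT_PROTOCOL_PROFILE, returnEmptySetIfValueIsNull((String) firstOrNull(pDesc.getSingleLogoutProtocolProfile())));
        map.put(ATTR_REGISTRATION_NAME_IDENTIFIER_PROFILE_PROFILE, returnEmptySetIfValueIsNull((String) firstOrNull(pDesc.getRegisterNameIdentifierProtocolProfile())));
        // only for Service Provider
        com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType = (com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType) firstOrNull((List) pDesc.getAssertionConsumerServiceURL());
        if (assertionType != null) {
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URIID, returnEmptySetIfValueIsNull(assertionType.getId()));
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL, returnEmptySetIfValueIsNull(assertionType.getValue()));
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT, returnEmptySetIfValueIsNull(assertionType.isIsDefault()));
        } else {
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URIID, Collections.EMPTY_SET);
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL, Collections.EMPTY_SET);
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT, Collections.EMPTY_SET);
        }
        map.put(ATTR_AUTHN_REQUESTS_SIGNED, returnEmptySetIfValueIsNull(pDesc.isAuthnRequestsSigned()));
        // get encryption key size and algorithm (last argument: isIDP = false)
        EncInfo encinfo = KeyUtil.getEncInfo((ProviderDescriptorType) pDesc, entityName, false);
        if (encinfo == null) {
            map.put(ATTR_ENCRYPTION_KEY_SIZE, Collections.EMPTY_SET);
            map.put(ATTR_ENCRYPTION_ALGORITHM, Collections.EMPTY_SET);
        } else {
            int size = encinfo.getDataEncStrength();
            String alg = encinfo.getDataEncAlgorithm();
            map.put(ATTR_ENCRYPTION_KEY_SIZE, returnEmptySetIfValueIsNull(Integer.toString(size)));
            map.put(ATTR_ENCRYPTION_ALGORITHM, returnEmptySetIfValueIsNull(alg));
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (IDFFMetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return map;
}

/**
 * Returns the first element of <code>list</code>, or <code>null</code>
 * when the list is <code>null</code> or empty.
 *
 * @param list list to read from; may be <code>null</code>.
 * @return first element or <code>null</code>.
 */
private static Object firstOrNull(List list) {
    return (list == null || list.isEmpty()) ? null : list.get(0);
}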
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFModelImpl method modifyEntityProfile.
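/**
 * Modifies entity descriptor profile.
 * Only the <code>validUntil</code> and <code>cacheDuration</code> values
 * are taken from <code>map</code>; every other entry is ignored. The
 * descriptor is read, updated in memory and written back in one go.
 *
 * @param realm the realm in which the entity resides.
 * @param entityName Name of entity descriptor.
 * @param map Map of attribute name to a <code>Set</code> of values; only
 * <code>ATTR_VALID_UNTIL</code> and <code>ATTR_CACHE_DURATION</code> are read.
 * @throws AMConsoleException if profile cannot be modified.
 */
public void modifyEntityProfile(String realm, String entityName, Map map) throws AMConsoleException {
    String[] param = { entityName };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", param);
    try {
        IDFFMetaManager manager = getIDFFMetaManager();
        EntityDescriptorElement desc = manager.getEntityDescriptor(realm, entityName);
        // AMAdminUtils.getValue() reduces the attribute's value set to one value.
        String validUntil = (String) AMAdminUtils.getValue((Set) map.get(ATTR_VALID_UNTIL));
        String cacheDuration = (String) AMAdminUtils.getValue((Set) map.get(ATTR_CACHE_DURATION));
        desc.setValidUntil(validUntil);
        desc.setCacheDuration(cacheDuration);
        manager.setEntityDescriptor(realm, desc);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", param);
    } catch (IDFFMetaException e) {
        // Resolve the message once and reuse it for both the audit event and
        // the exception, matching the other IDFF console methods.
        String strError = getErrorString(e);
        String[] paramsEx = { entityName, strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}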
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFModelImpl method getSPEntityConfig.
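/**
 * Returns attributes values in extended metadata.
 * Each attribute of the SP extended configuration is returned as a
 * <code>Set</code>, except <code>ATTR_SUPPORTED_SSO_PROFILE</code>, which is
 * reduced to its first value. <code>ATTR_PROVIDER_ALIAS</code>,
 * <code>ATTR_SIGNING_CERT_ALIAS</code> and
 * <code>ATTR_ENCRYPTION_CERT_ALIAS</code> are always present. When no
 * extended configuration exists yet, a default one is created and the
 * returned map holds only those always-present keys.
 *
 * @param realm where the entity exists.
 * @param entityName Name of Entity Descriptor.
 * @param location Location of provider such as Hosted or Remote; used only
 * when the configuration has to be created.
 * @return attributes values of provider.
 * @throws AMConsoleException if the extended metadata cannot be read or
 * created.
 */
public Map getSPEntityConfig(String realm, String entityName, String location) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "SP-Extended Metadata" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map tmpMap = new HashMap();
    try {
        IDFFMetaManager manager = getIDFFMetaManager();
        Map map = new HashMap();
        String metaAlias = null;
        BaseConfigType spConfig = manager.getSPDescriptorConfig(realm, entityName);
        if (spConfig != null) {
            map = IDFFMetaUtils.getAttributes(spConfig);
            metaAlias = spConfig.getMetaAlias();
        } else {
            // No extended config yet: create a default one. It is not re-read
            // here, so only the keys filled in below end up in the result.
            createEntityConfig(realm, entityName, IFSConstants.SP, location);
        }
        for (Object o : map.entrySet()) {
            Map.Entry entry = (Map.Entry) o;
            String key = (String) entry.getKey();
            List values = (List) entry.getValue();
            if (key.equals(ATTR_SUPPORTED_SSO_PROFILE)) {
                // single-valued in the console: only the first profile is shown;
                // an empty list leaves the key out of the result
                if (!values.isEmpty()) {
                    tmpMap.put(key, returnEmptySetIfValueIsNull((String) values.get(0)));
                }
            } else {
                tmpMap.put(key, returnEmptySetIfValueIsNull(convertListToSet(values)));
            }
        }
        tmpMap.put(ATTR_PROVIDER_ALIAS, returnEmptySetIfValueIsNull(metaAlias));
        if (!tmpMap.containsKey(ATTR_SIGNING_CERT_ALIAS)) {
            tmpMap.put(ATTR_SIGNING_CERT_ALIAS, Collections.EMPTY_SET);
        }
        if (!tmpMap.containsKey(ATTR_ENCRYPTION_CERT_ALIAS)) {
            tmpMap.put(ATTR_ENCRYPTION_CERT_ALIAS, Collections.EMPTY_SET);
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (IDFFMetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Extended Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (AMConsoleException e) {
        // Raised by createEntityConfig(); logged with the same event as a
        // metadata failure and re-thrown as a new exception carrying only
        // the resolved message (the original cause is not chained).
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Extended Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return tmpMap;
}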