Use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
Class IDFFModelImpl, method updateEntitySPDescriptor.
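/**
 * Updates the standard metadata of an entity's IDFF service provider descriptor.
 *
 * <p>For a hosted provider the signing and encryption key information is refreshed
 * first (from the key size, algorithm and certificate aliases in the supplied maps);
 * the SP descriptor is then rebuilt from {@code attrValues} and written back through
 * the {@link IDFFMetaManager}. Each attribute is read as the single value of the
 * {@code Set} stored under its key, so an absent key yields {@code null}.
 *
 * @param realm the realm in which the entity resides.
 * @param entityName name of the entity descriptor.
 * @param attrValues map of standard attribute name to {@code Set} of values.
 * @param extendedValues map of extended attribute name to {@code Set} of values;
 *        only the certificate aliases are read, and only when {@code ishosted}.
 * @param ishosted {@code true} if the provider is hosted on this server.
 * @throws AMConsoleException if the metadata cannot be read or written, or if the
 *         encryption key size is present but not an integer.
 */
public void updateEntitySPDescriptor(String realm, String entityName, Map attrValues, Map extendedValues, boolean ishosted) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "SP-Standard Metadata" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        // Save key and encryption details first, if present, for a hosted provider,
        // so the descriptor written below already carries the refreshed KeyInfo.
        if (ishosted) {
            String keysize = getValueByKey(attrValues, ATTR_ENCRYPTION_KEY_SIZE);
            String algorithm = getValueByKey(attrValues, ATTR_ENCRYPTION_ALGORITHM);
            String encCertAlias = getValueByKey(extendedValues, ATTR_ENCRYPTION_CERT_ALIAS);
            String signCertAlias = getValueByKey(extendedValues, ATTR_SIGNING_CERT_ALIAS);
            // Defaults used when the console leaves the fields empty: 128-bit AES-CBC.
            int keyStrength = (keysize != null && keysize.length() > 0) ? Integer.parseInt(keysize) : 128;
            String alg = (algorithm == null || algorithm.length() == 0)
                ? "http://www.w3.org/2001/04/xmlenc#aes128-cbc" : algorithm;
            // The fourth argument presumably selects the signing (true) vs. encryption
            // (false) key — see IDFFMetaSecurityUtils.updateProviderKeyInfo.
            IDFFMetaSecurityUtils.updateProviderKeyInfo(realm, entityName, encCertAlias, false, false, alg, keyStrength);
            IDFFMetaSecurityUtils.updateProviderKeyInfo(realm, entityName, signCertAlias, true, false, alg, keyStrength);
        }

        IDFFMetaManager idffManager = getIDFFMetaManager();
        EntityDescriptorElement entityDescriptor = idffManager.getEntityDescriptor(realm, entityName);
        SPDescriptorType pDesc = idffManager.getSPDescriptor(realm, entityName);

        // Protocol support enumeration: replaced wholesale with the selected value.
        pDesc.getProtocolSupportEnumeration().clear();
        pDesc.getProtocolSupportEnumeration().add(attrString(attrValues, ATTR_PROTOCOL_SUPPORT_ENUMERATION));

        // Communication URLs
        pDesc.setSoapEndpoint(attrString(attrValues, ATTR_SOAP_END_POINT));
        pDesc.setSingleLogoutServiceURL(attrString(attrValues, ATTR_SINGLE_LOGOUT_SERVICE_URL));
        pDesc.setSingleLogoutServiceReturnURL(attrString(attrValues, ATTR_SINGLE_LOGOUT_SERVICE_RETURN_URL));
        pDesc.setFederationTerminationServiceURL(attrString(attrValues, ATTR_FEDERATION_TERMINATION_SERVICES_URL));
        pDesc.setFederationTerminationServiceReturnURL(attrString(attrValues, ATTR_FEDERATION_TERMINATION_SERVICE_RETURN_URL));
        pDesc.setRegisterNameIdentifierServiceURL(attrString(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_URL));
        pDesc.setRegisterNameIdentifierServiceReturnURL(attrString(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_RETURN_URL));

        // Communication profiles: the selected profile is listed first, followed by
        // the remaining known profiles in their configured order.
        replaceProfiles(pDesc.getFederationTerminationNotificationProtocolProfile(),
            attrString(attrValues, ATTR_FEDERATION_TERMINATION_NOTIFICATION_PROTOCOL_PROFILE),
            federationTerminationProfileList);
        replaceProfiles(pDesc.getSingleLogoutProtocolProfile(),
            attrString(attrValues, ATTR_SINGLE_LOGOUT_PROTOCOL_PROFILE),
            singleLogoutProfileList);
        replaceProfiles(pDesc.getRegisterNameIdentifierProtocolProfile(),
            attrString(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_PROFILE_PROFILE),
            nameRegistrationProfileList);

        // SP-only settings: assertion consumer service URL and AuthnRequestsSigned.
        com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory objFactory =
            new com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory();
        com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType =
            objFactory.createSPDescriptorTypeAssertionConsumerServiceURLType();
        assertionType.setId(attrString(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URIID));
        assertionType.setValue(attrString(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URL));
        // "true".equals(...) keeps the exact-match semantics of the form value and
        // treats a missing value as false instead of failing on null.
        assertionType.setIsDefault("true".equals(attrString(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT)));
        pDesc.getAssertionConsumerServiceURL().clear();
        pDesc.getAssertionConsumerServiceURL().add(assertionType);
        pDesc.setAuthnRequestsSigned("true".equals(attrString(attrValues, ATTR_AUTHN_REQUESTS_SIGNED)));

        entityDescriptor.getSPDescriptor().clear();
        entityDescriptor.getSPDescriptor().add(pDesc);
        idffManager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (IDFFMetaException e) {
        debug.error("IDFFMetaException, updateEntitySPDescriptor", e);
        throw spModifyFailure(realm, entityName, e);
    } catch (JAXBException e) {
        debug.error("JAXBException, updateEntitySPDescriptor", e);
        throw spModifyFailure(realm, entityName, e);
    } catch (NumberFormatException e) {
        // A non-numeric encryption key size from the form; report it like the
        // other failures instead of letting the runtime exception escape unlogged.
        debug.error("NumberFormatException, updateEntitySPDescriptor", e);
        throw spModifyFailure(realm, entityName, e);
    }
}

/** Reads the single string value stored under {@code key} in a map of attribute sets. */
private static String attrString(Map attrs, String key) {
    return (String) AMAdminUtils.getValue((Set) attrs.get(key));
}

/**
 * Replaces the contents of {@code target} with {@code selected} followed by every
 * entry of {@code known} that is not equal to it.
 */
private static void replaceProfiles(java.util.List target, String selected, java.util.List known) {
    target.clear();
    target.add(selected);
    for (Object profile : known) {
        if (!profile.equals(selected)) {
            target.add(profile);
        }
    }
}

/** Logs the failed SP modification event and builds the exception reported to the console. */
private AMConsoleException spModifyFailure(String realm, String entityName, Exception e) {
    String strError = getErrorString(e);
    String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
    logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    return new AMConsoleException(strError);
}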
Use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
Class IDFFModelImpl, method updateAffiliateProfile.
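/**
 * Modifies affiliate profile.
 *
 * <p>The affiliation owner ID is taken from {@code values} and the affiliate
 * member list is replaced wholesale with {@code members}; the updated entity
 * descriptor is then written back through the {@link IDFFMetaManager}.
 *
 * @param realm the realm in which the entity resides.
 * @param entityName Name of entity descriptor.
 * @param values Map of attribute name/value pairs.
 * @param members Set of affiliate members
 * @throws AMConsoleException if profile cannot be modified.
 */
public void updateAffiliateProfile(String realm, String entityName, Map values, Set members) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "Affiliate" };
    logEvent("ATTEMPT_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", params);
    try {
        IDFFMetaManager idffManager = getIDFFMetaManager();
        EntityDescriptorElement entityDescriptor = idffManager.getEntityDescriptor(realm, entityName);
        AffiliationDescriptorType aDesc = entityDescriptor.getAffiliationDescriptor();
        aDesc.setAffiliationOwnerID((String) AMAdminUtils.getValue((Set) values.get(ATTR_AFFILIATE_OWNER_ID)));
        // TBD: common attributes which may be added here later:
        //   ATTR_AFFILIATE_VALID_UNTIL, ATTR_AFFILIATE_CACHE_DURATION,
        //   ATTR_ENCRYPTION_KEY_SIZE, ATTR_AFFILIATE_ENCRYPTION_KEY_ALGORITHM,
        //   ATTR_AFFILIATE_ENCRYPTION_CERT_ALIAS, ATTR_AFFILIATE_SIGNING_CERT_ALIAS
        // Replace the affiliate members with the submitted set.
        aDesc.getAffiliateMember().clear();
        for (Object member : members) {
            aDesc.getAffiliateMember().add((String) member);
        }
        entityDescriptor.setAffiliationDescriptor(aDesc);
        idffManager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", params);
    } catch (IDFFMetaException e) {
        // Same diagnostic as the other descriptor updates: keep the cause in the debug log.
        debug.error("IDFFMetaException, updateAffiliateProfile", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "Affiliate", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}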
Use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
Class ImportEntityModelImpl, method createIDFFEntity.
/**
 * Imports the IDFF entity metadata through a new {@link IDFFMetaManager} and, when
 * {@code extendedMetaData} is present and yields a config element, creates the
 * entity configuration in {@code realm}.
 *
 * @throws AMConsoleException if the metadata manager reports an error.
 */
private void createIDFFEntity() throws AMConsoleException {
    try {
        IDFFMetaManager metaManager = new IDFFMetaManager(null);
        com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement configElt =
            (extendedMetaData == null) ? null : getIDFFEntityConfigElement();
        if (configElt != null && configElt.isHosted()) {
            // NOTE(review): the realm resolved from the meta alias is discarded here;
            // createEntityConfig below uses the realm field instead. Confirm whether
            // that field was meant to be assigned from this lookup.
            IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(configElt);
            SPDescriptorConfigElement spConfig =
                (idpConfig == null) ? IDFFMetaUtils.getSPDescriptorConfig(configElt) : null;
            if (idpConfig != null) {
                SAML2MetaUtils.getRealmByMetaAlias(idpConfig.getMetaAlias());
            } else if (spConfig != null) {
                SAML2MetaUtils.getRealmByMetaAlias(spConfig.getMetaAlias());
            }
        }
        importIDFFMetaData(metaManager);
        if (configElt != null) {
            metaManager.createEntityConfig(realm, configElt);
        }
    } catch (IDFFMetaException e) {
        throw new AMConsoleException(e);
    }
}
Use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
Class EncryptedNameIdentifier, method getEncryptedNameIdentifier.
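/**
 * Returns the <code>EncryptedNameIdentifier</code> for a given name
 * identifier and the provider ID.
 *
 * <p>The wrapping key, data-encryption algorithm and strength are taken from the
 * remote provider's metadata (SP descriptor first, then IDP descriptor) through
 * {@link KeyUtil#getEncInfo}.
 *
 * @param ni the <code>NameIdentifier</code> object.
 * @param realm The realm under which the entity resides.
 * @param providerID the remote provider identifier.
 * @return the encrypted <code>NameIdentifier</code> object.
 * @throws FSException if {@code ni} or {@code providerID} is null, or if no
 *         descriptor can be retrieved for the provider.
 */
public static NameIdentifier getEncryptedNameIdentifier(NameIdentifier ni, String realm, String providerID) throws FSException {
    if (ni == null || providerID == null) {
        FSUtils.debug.error("EncryptedNameIdentifier.construct: " + "nullInputParameter");
        throw new FSException("nullInputParameter", null);
    }
    ProviderDescriptorType providerDesc = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            providerDesc = metaManager.getSPDescriptor(realm, providerID);
            if (providerDesc == null) {
                providerDesc = metaManager.getIDPDescriptor(realm, providerID);
            }
        }
        if (providerDesc == null) {
            // Funnel "no descriptor found" into the same FSException path as a
            // failed metadata lookup.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException ae) {
        // Keep the cause in the log; the original message also lacked a space ("Couldnot").
        FSUtils.debug.error("EncryptedNameIdentifier.construct: Could " + "not retrieve the meta for provider " + providerID, ae);
        throw new FSException(ae);
    }
    EncInfo encInfo = KeyUtil.getEncInfo(providerDesc, providerID, false);
    return getEncryptedNameIdentifier(ni, providerID, encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength());
}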
Use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
Class FSAssertionArtifactHandler, method sendProxyResponse.
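/**
 * Sends the proxy authentication response to the proxying service
 * provider which has originally requested for the authentication.
 *
 * <p>The original request and the proxying SP's descriptor are looked up by
 * {@code requestID} in the {@link FSSessionManager}, and the local session by
 * {@code ssoToken}. If the original request or the session cannot be found an
 * error is logged and no response is sent.
 * @param requestID authnRequest id that is sent to the authenticating
 * Identity Provider.
 */
protected void sendProxyResponse(String requestID) {
    FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse::");
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    FSAuthnRequest origRequest = sessionManager.getProxySPAuthnRequest(requestID);
    if (origRequest == null) {
        // No request on record for this id (unknown, already consumed or expired):
        // there is no requesting SP to answer, so stop here instead of
        // dereferencing null further down.
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse: " + "no proxy SP authn request found for request id " + requestID);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        try {
            FSUtils.debug.message("FSAssertionHandler.sendProxyResponse:" + origRequest.toXMLString());
        } catch (Exception ex) {
            // A failure to serialise the request only affects the debug trace.
            FSUtils.debug.error("FSAssertionHandler.sendProxyResponse:" + "toString(): Failed.", ex);
        }
    }
    SPDescriptorType proxyDescriptor = sessionManager.getProxySPDescriptor(requestID);
    String proxySPEntityId = origRequest.getProviderId();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse" + ":Original requesting service provider id:" + proxySPEntityId);
    }
    FSSession session = sessionManager.getSession(ssoToken);
    if (session == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse: " + "no session found for the current user token; proxy SP " + proxySPEntityId + " is not answered");
        return;
    }
    if (authnContextStmt != null) {
        // Carry the authentication context asserted by the remote IDP into the session.
        session.setAuthnContext(authnContextStmt.getAuthnContextClassRef());
    }
    session.addSessionPartner(new FSSessionPartner(proxySPEntityId, false));
    if (FSUtils.debug.messageEnabled()) {
        for (Iterator partners = session.getSessionPartners().iterator(); partners.hasNext();) {
            FSSessionPartner part = (FSSessionPartner) partners.next();
            FSUtils.debug.message("PARTNERS" + part.getPartner());
        }
    }
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType proxySPConfig = null;
    try {
        proxySPConfig = metaManager.getSPDescriptorConfig(realm, proxySPEntityId);
    } catch (Exception e) {
        // Best effort: the handler is still built, with a null proxy SP config.
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "Couldn't obtain proxy sp meta:", e);
    }
    FSProxyHandler handler = new FSProxyHandler(request, response, origRequest, proxyDescriptor, proxySPConfig, proxySPEntityId, origRequest.getRelayState(), ssoToken);
    IDPDescriptorType localIDPDesc = null;
    BaseConfigType localIDPConfig = null;
    String localIDPMetaAlias = null;
    try {
        localIDPDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        localIDPConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        localIDPMetaAlias = localIDPConfig.getMetaAlias();
    } catch (Exception e) {
        // Best effort as above: a missing local IDP meta leaves these null on the handler.
        FSUtils.debug.error("FSAssertionartifactHandler.sendProxyResponse:" + "Exception when obtaining local idp meta:", e);
    }
    handler.setRealm(realm);
    handler.setHostedEntityId(hostEntityId);
    handler.setHostedDescriptor(localIDPDesc);
    handler.setHostedDescriptorConfig(localIDPConfig);
    handler.setMetaAlias(localIDPMetaAlias);
    handler.processAuthnRequest(origRequest, true);
}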