use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFSingleLogoutHandler method findIDPMetaAlias.
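/**
 * Returns the metaAlias of the hosted IDFF IDP that shares a circle of trust
 * with the initiating IDP and SP.
 *
 * <p>Every hosted IDFF IDP in {@code realm} is checked against every active
 * circle of trust of the realm: the COT must list the hosted IDP among its
 * IDFF members, and must list {@code idpEntityID} (and {@code spEntityID},
 * when given) among its members for {@code protocol}. The first IDP/COT pair
 * that satisfies this is returned; remaining candidates are not examined.
 *
 * @param idpEntityID entity ID of the identity provider in the original single logout.
 * @param spEntityID entity ID of the service provider in the original single logout,
 *        or {@code null} to match on the IDP alone.
 * @param realm realm of the hosted entities.
 * @param protocol protocol of the original single logout
 *        (e.g. {@code SingleLogoutManager.SAML2}).
 * @return the metaAlias of the matching IDFF IDP, or {@code null} when no hosted
 *         IDFF IDP, no active COT or no matching COT exists, when the matched IDP
 *         has no descriptor config, or when any exception occurs (it is logged,
 *         never propagated).
 */
private String findIDPMetaAlias(String idpEntityID, String spEntityID, String realm, String protocol) {
    try {
        IDFFMetaManager idffManager = new IDFFMetaManager(null);
        List hostedIdps = idffManager.getAllHostedIdentityProviderIDs(realm);
        if ((hostedIdps == null) || hostedIdps.isEmpty()) {
            return null;
        }
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        Set cots = cotManager.getAllActiveCirclesOfTrust(realm);
        // Without an active COT nothing can be "in the same COT" as the initiator.
        if ((cots == null) || cots.isEmpty()) {
            return null;
        }
        for (Object hostedIdp : hostedIdps) {
            String idpId = (String) hostedIdp;
            for (Object cot : cots) {
                String cotName = (String) cot;
                // The COT must contain the hosted IDFF IDP ...
                Set providers = cotManager.listCircleOfTrustMember(realm, cotName, SingleLogoutManager.IDFF);
                if ((providers == null) || !providers.contains(idpId)) {
                    continue;
                }
                // ... and, under the initiating protocol, the initiating IDP (and SP, if known).
                providers = cotManager.listCircleOfTrustMember(realm, cotName, protocol);
                if ((providers == null) || !providers.contains(idpEntityID)) {
                    continue;
                }
                if ((spEntityID != null) && !providers.contains(spEntityID)) {
                    continue;
                }
                if (SingleLogoutManager.debug.messageEnabled()) {
                    SingleLogoutManager.debug.message("IDFFSingleLogoutHandler.findIDPMetaAlias : " + "found IDP " + idpId + " in COT " + cotName);
                }
                // First match wins; the search stops here even if other COTs would match too.
                IDPDescriptorConfigElement config = idffManager.getIDPDescriptorConfig(realm, idpId);
                if (config == null) {
                    // Hosted IDP without descriptor config: there is no metaAlias to return,
                    // and dereferencing it would only surface as a logged NullPointerException.
                    if (SingleLogoutManager.debug.messageEnabled()) {
                        SingleLogoutManager.debug.message("IDFFSingleLogoutHandler.findIDPMetaAlias : " + "no descriptor config for IDP " + idpId);
                    }
                    return null;
                }
                return config.getMetaAlias();
            }
        }
    } catch (Exception e) {
        SingleLogoutManager.debug.error("IDFFSingleLogoutHandler." + "findIDPMetaAlias", e);
    }
    return null;
}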
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFSingleLogoutHandler method doIDPSingleLogout.
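/**
 * Performs single logout for a specific protocol. This method needs to be
 * implemented by each federation protocol, and will be invoked by other
 * protocols to achieve cross federation protocol single logout. The local
 * session shall not be destroyed by the SPI implementation. In cases of
 * IDP proxying configuration, the implementation needs to do single
 * logout for the entity acting as both SP and IDP.
 *
 * Normally, there are three types of single logout to be supported:
 * - logout single session (specified by userSession parameter)
 * - logout a list of session (specified by userSession parameter)
 * - logout all sessions for a specific user (specified by userID parameter)
 *
 * As a single instance of the implementation class will be used internally
 * in the SingleLogoutManager class, implementation of the method shall
 * not maintain any states.
 *
 * <p>Processing order: locate the hosted IDFF IDP that shares a COT with the
 * initiating IDP/SP; bail out with no action if there is none or the user has no
 * live IDFF connection to it; then either delegate to the SOAP handler or, for
 * HTTP-initiated logout, redirect the browser to the local liberty-logout endpoint.
 *
 * @param userSession Set of user session objects (java.lang.Object) to be
 * logout.
 * @param userID Universal identifier of the user to be logout.
 * @param request HTTP servlet request object of the request.
 * @param response HTTP servlet response object of the request.
 * @param isSOAPInitiated True means original single logout request is
 * initiated using SOAP binding, false means the original single logout
 * request is initiated using HTTP binding.
 * @param isIDPInitiated True means this is identity provider initiated
 * single logout, false means this is service provider initiated single
 * logout.
 * @param protocol The protocol of the original single logout.
 * Possible values for this parameter:
 * <code>SingleLogoutManager.SAML2</code>
 * - single logout initiated using SAMLv2 protocol
 * <code>SingleLogoutManager.IDFF</code>
 * - single logout initiated using ID-FF protocol
 * <code>SingleLogoutManager.WS_FED</code>
 * - single logout initiated using WS-Federation protocol
 * @param realm Realm of the hosted entity.
 * @param idpEntityID <code>EntityID</code> of the hosted identity provider
 * in the original Single Logout request.
 * @param spEntityID <code>EntityID</code> of the remote service provider
 * in the original Single Logout request.
 * @param relayState A state information to be relayed back in response;
 * may be <code>null</code>, in which case an empty value is relayed.
 * @param singleLogoutRequestXML Original single logout request in XML
 * string.
 * @param singleLogoutResponseXML Logout response to be sent back to SP.
 * This only apply to the case of SP initiated Single Logout, it will
 * be null in case of IDP initiated single logout.
 * @param currentStatus Current logout status, this is the accumulative
 * single logout status for all protocols processed so far.
 * Possible values:
 * <code>SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS</code>
 * <code>SingleLogoutManager.LOGOUT_FAILED_STATUS</code>
 * <code>SingleLogoutManager.LOGOUT_PARTIAL_STATUS</code>
 * @return the single logout status for this protocol, possible values:
 * <code>SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS</code>
 * <code>SingleLogoutManager.LOGOUT_FAILED_STATUS</code>
 * <code>SingleLogoutManager.LOGOUT_PARTIAL_STATUS</code>
 * <code>SingleLogoutManager.LOGOUT_REDIRECTED_STATUS</code>
 * <code>SingleLogoutManager.LOGOUT_NO_ACTION_STATUS</code>
 * @exception Exception if error occurs when processing the protocol.
 */
public int doIDPSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, boolean isSOAPInitiated, boolean isIDPInitiated, String protocol, String realm, String idpEntityID, String spEntityID, String relayState, String singleLogoutRequestXML, String singleLogoutResponseXML, int currentStatus) throws Exception {
    SingleLogoutManager.debug.message("IDFFSingleLogoutHandler.doIDPSLO : start");
    String idpMetaAlias = findIDPMetaAlias(idpEntityID, spEntityID, realm, protocol);
    if (idpMetaAlias == null) {
        // no IDFF IDP found
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    if (SingleLogoutManager.debug.messageEnabled()) {
        // Verbose trace of every argument, including the session objects and both
        // logout XML documents; only emitted when message-level debugging is on.
        SingleLogoutManager.debug.message("IDFFSingleLogoutHandler: " + "IDFF idp meta alias=" + idpMetaAlias + ", userID=" + userID + ", session=" + userSession + ", isSOAInitiated=" + isSOAPInitiated + ", isIDPInitiated=" + isIDPInitiated + ", protocol=" + protocol + ", relam=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID + ", status=" + currentStatus + "\nlogout Request XML=" + singleLogoutRequestXML + "\nlogout response XML=" + singleLogoutResponseXML);
    }
    IDFFMetaManager idffManager = new IDFFMetaManager(null);
    String idpEntityId = idffManager.getEntityIDByMetaAlias(idpMetaAlias);
    if (!FSLogoutUtil.liveConnectionsExist(userID, idpMetaAlias)) {
        // no session for this protocol
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    if (isSOAPInitiated) {
        return handleSOAPInitiatedSingleLogout(userSession, userID, request, response, realm, idpMetaAlias, idpEntityId, relayState, idffManager);
    }
    SingleLogoutManager.debug.message("IDFFSingleLogoutHandler.doIDPSLO : HTTP initiated SLO");
    if (!MultiProtocolUtils.usedInProtocol(request, SingleLogoutManager.IDFF)) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    // URLEncoder.encode(null, ...) throws NullPointerException; an absent relay
    // state is relayed as an empty value instead of failing the whole logout.
    String encodedRelayState = (relayState == null) ? "" : URLEncoder.encode(relayState, "UTF-8");
    String redirectURL = MultiProtocolUtils.geServerBaseURL(request) + "/liberty-logout?" + IFSConstants.META_ALIAS + "=" + idpMetaAlias + "&" + IFSConstants.RELAY_STATE + "=" + encodedRelayState;
    if (SingleLogoutManager.debug.messageEnabled()) {
        SingleLogoutManager.debug.message("IDFFSingleLogoutHandler.doIDPSLO : HTTP init, redirect to " + redirectURL);
    }
    response.sendRedirect(redirectURL);
    return SingleLogoutManager.LOGOUT_REDIRECTED_STATUS;
}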
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class DeleteMetaData method handleIDFFRequest.
/**
 * Deletes the IDFF entity identified by {@code entityID} in {@code realm}:
 * only its extended configuration when {@code extendedOnly} is set, otherwise
 * the whole entity descriptor. A confirmation message is printed on success.
 *
 * @param rc the CLI request context; not read by this method.
 * @throws CLIException if no such entity exists, or if the metadata operation
 *         fails with an {@code IDFFMetaException} (its message is carried over).
 */
private void handleIDFFRequest(RequestContext rc) throws CLIException {
    Object[] entityAndRealm = { entityID, realm };
    try {
        IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
        if (metaManager.getEntityDescriptor(realm, entityID) == null) {
            throw new CLIException(MessageFormat.format(getResourceString("delete-entity-entity-not-exist"), entityAndRealm), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        String doneMessageKey;
        if (extendedOnly) {
            metaManager.deleteEntityConfig(realm, entityID);
            doneMessageKey = "delete-entity-config-deleted";
        } else {
            metaManager.deleteEntityDescriptor(realm, entityID);
            doneMessageKey = "delete-entity-descriptor-deleted";
        }
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString(doneMessageKey), entityAndRealm));
    } catch (IDFFMetaException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class ImportBulkFederationData method idffGetRoleAndEntityId.
/**
 * Resolves the hosted IDFF provider behind {@code metaAlias}: sets
 * {@code isIDP} from its provider role and {@code localEntityId} from its
 * entity ID.
 *
 * @throws CLIException if the metaAlias is unknown (no role) or the metadata
 *         lookup throws {@code IDFFMetaException}; the latter is also logged
 *         via {@code debugError}.
 */
private void idffGetRoleAndEntityId() throws CLIException {
    try {
        IDFFMetaManager idffMgr = new IDFFMetaManager(ssoToken);
        String providerRole = idffMgr.getProviderRoleByMetaAlias(metaAlias);
        if (providerRole != null) {
            isIDP = providerRole.equals(IFSConstants.IDP);
            localEntityId = idffMgr.getEntityIDByMetaAlias(metaAlias);
            return;
        }
        // Fall through: a null role means the alias is not a hosted IDFF provider.
    } catch (IDFFMetaException e) {
        debugError("ImportBulkFederationData.idffGetRoleAndEntityId", e);
    }
    Object[] aliasParam = { metaAlias };
    throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-unknown-metaalias"), aliasParam), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFModelImpl method getIDPEntityConfig.
/**
 * Returns the extended-metadata attribute values of an IDFF identity provider,
 * keyed by attribute name with each value converted to a {@code Set}.
 *
 * <p>When the provider has no extended configuration yet, one is created via
 * {@code createEntityConfig} and the result carries no attributes beyond the
 * provider alias. The provider-alias, signing-cert-alias and
 * encryption-cert-alias keys are always present (empty set if unset).
 *
 * @param realm where the entity exists.
 * @param entityName Name of Entity Descriptor.
 * @param location Location of provider such as Hosted or Remote.
 * @return attributes values of provider.
 * @throws AMConsoleException if reading or creating the configuration fails;
 *         the failure is also recorded through {@code logEvent}.
 */
public Map getIDPEntityConfig(String realm, String entityName, String location) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "IDP-Extended Metadata" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map result = new HashMap();
    try {
        IDFFMetaManager manager = getIDFFMetaManager();
        BaseConfigType idpConfig = manager.getIDPDescriptorConfig(realm, entityName);
        Map rawAttributes;
        String metaAlias;
        if (idpConfig == null) {
            // No extended config yet: create it; there are no attributes to copy.
            createEntityConfig(realm, entityName, IFSConstants.IDP, location);
            rawAttributes = new HashMap();
            metaAlias = null;
        } else {
            rawAttributes = IDFFMetaUtils.getAttributes(idpConfig);
            metaAlias = idpConfig.getMetaAlias();
        }
        for (Object o : rawAttributes.entrySet()) {
            Map.Entry entry = (Map.Entry) o;
            List values = (List) entry.getValue();
            result.put((String) entry.getKey(), returnEmptySetIfValueIsNull(convertListToSet(values)));
        }
        result.put(ATTR_PROVIDER_ALIAS, returnEmptySetIfValueIsNull(metaAlias));
        // Certificate alias keys are always exposed so the console can render them.
        Object[] certAliasKeys = { ATTR_SIGNING_CERT_ALIAS, ATTR_ENCRYPTION_CERT_ALIAS };
        for (Object key : certAliasKeys) {
            if (!result.containsKey(key)) {
                result.put(key, Collections.EMPTY_SET);
            }
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (IDFFMetaException e) {
        String reason = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "IDP-Extended Metadata", reason };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(reason);
    } catch (AMConsoleException e) {
        String reason = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "IDP-Extended Metadata", reason };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(reason);
    }
    return result;
}