
Example 41 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getAllRealms.

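/**
 * Collects the federation configuration of {@code startRealm}'s subtree for
 * monitoring: for every realm returned by {@link #getRealmsList(String)} it
 * gathers the circles of trust, WS-Federation entities, IDFF entities and COT
 * membership, and hands the per-realm snapshot to
 * {@code Agent.federationConfig(...)}.
 *
 * <p>SAMLv2 entities are currently skipped ({@code skipSAML2Entities}), so the
 * builder always receives {@code null} for them; the SAMLv2 manager is still
 * constructed so that its construction failures surface here.
 *
 * <p>A metadata or COT exception is logged and stops the whole walk: realms
 * after the failing one are not reported.
 *
 * @param startRealm realm whose subtree is walked
 */
private void getAllRealms(String startRealm) {
    String classMethod = "ConfigFedMonitoring.getAllRealms: ";
    // IDPs/SPs per realm are not instrumented yet, so SAMLv2 entities are skipped.
    boolean skipSAML2Entities = true;
    List rList = getRealmsList(startRealm);
    try {
        CircleOfTrustManager cotmgr = new CircleOfTrustManager();
        SAML2MetaManager saml2Mgr = new SAML2MetaManager();
        IDFFMetaManager idffmgr = new IDFFMetaManager(ssoToken);
        for (Object realmObj : rList) {
            String thisRealm = (String) realmObj;
            Set cots = getCOTs(thisRealm, cotmgr);
            Map s2Ents = null;
            if (!skipSAML2Entities) {
                s2Ents = getSAML2Entities(thisRealm, saml2Mgr);
            }
            Map wsEnts = getWSFedEntities(thisRealm);
            Map idffentMap = getIDFFEntities(thisRealm, idffmgr);
            // getCOTMembers(...) can list a COT's members, but there is no
            // MIB entry for them yet; the map is still handed to the builder.
            Map membMap = getCOTMembers(thisRealm, cots, cotmgr);
            SSOServerRealmFedInfo srfi = new SSOServerRealmFedInfo.SSOServerRealmFedInfoBuilder(thisRealm)
                    .cots(cots)
                    .samlv2Entities(s2Ents)
                    .wsEntities(wsEnts)
                    .idffEntities(idffentMap)
                    .membEntities(membMap)
                    .build();
            Agent.federationConfig(srfi);
        }
    } catch (SAML2MetaException e) {
        // Pass the throwable along so the stack trace is kept, not only the message.
        debug.error(classMethod + "SAML2 ex: " + e.getMessage(), e);
    } catch (COTException e) {
        debug.error(classMethod + "COT ex: " + e.getMessage(), e);
    } catch (IDFFMetaException e) {
        debug.error(classMethod + "IDFF ex: " + e.getMessage(), e);
    }
}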

Example 42 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSSOAPReceiver method getRemoteProviderDescriptor.

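/**
 * Looks up the IDFF metadata descriptor of the remote provider that this
 * hosted provider is exchanging messages with.
 *
 * <p>The remote role is the opposite of the hosted one: a hosted SP needs the
 * remote IDP descriptor, any other hosted role needs the remote SP descriptor.
 *
 * @param hostedProviderRole role of the hosted provider, compared
 *        case-insensitively with {@code IFSConstants.SP}
 * @param remoteEntityId entity ID of the remote provider
 * @param realm realm under which the hosted entity resides
 * @return the remote provider's descriptor as returned by the meta manager
 *         (passed through unchanged, so it may itself be {@code null}), or
 *         {@code null} when the meta manager is unavailable or the lookup
 *         throws {@link IDFFMetaException}; both failures are logged
 */
private ProviderDescriptorType getRemoteProviderDescriptor(String hostedProviderRole, String remoteEntityId, String realm) {
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            FSUtils.debug.message("Unable to get meta manager");
            return null;
        }
        boolean hostedIsSP = hostedProviderRole.equalsIgnoreCase(IFSConstants.SP);
        return hostedIsSP
                ? metaManager.getIDPDescriptor(realm, remoteEntityId)
                : metaManager.getSPDescriptor(realm, remoteEntityId);
    } catch (IDFFMetaException eam) {
        // This lookup is for the remote provider, so say so and record the
        // identifiers needed to diagnose the failure.
        FSUtils.debug.error("Unable to find remote provider descriptor for entity " + remoteEntityId + " in realm " + realm + ". Cannot process request:", eam);
        return null;
    }
}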

Example 43 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSSOAPReceiver method handleRegistrationRequest.

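/**
 * Handles an IDFF name-registration request delivered over SOAP.
 *
 * <p>Order of checks: the remote provider's descriptor is resolved, the
 * request signature is verified against that provider's verification
 * certificate (skipped when signing is off), the remote provider must be on
 * the trusted-provider list, and only then is the request dispatched to a
 * fresh {@link FSNameRegistrationHandler}.
 *
 * @param elt element carrying the registration request
 * @param msg SOAP message the request arrived in (used for signature verification)
 * @param hostedProviderDesc hosted provider meta descriptor
 * @param hostedConfig hosted provider's extended meta
 * @param hostedRole hosted provider's role
 * @param realm realm under which the hosted entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param providerAlias hosted provider's meta alias
 * @param request http request object
 * @param response http response object
 * @return the registration response, or {@code null} on any failure: missing
 *         remote descriptor or meta manager, failed signature verification,
 *         untrusted remote provider, no service manager, or an exception
 *         (each case is logged)
 */
private FSNameRegistrationResponse handleRegistrationRequest(Element elt, SOAPMessage msg, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedRole, String realm, String hostedEntityId, String providerAlias, HttpServletRequest request, HttpServletResponse response) {
    try {
        FSNameRegistrationRequest regisRequest = new FSNameRegistrationRequest(elt);
        String remoteEntityId = regisRequest.getProviderId();
        // A hosted SP talks to a remote IDP, so the remote's certificate is an IDP one.
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        X509Certificate cert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        if (FSServiceUtils.isSigningOn() && !verifyRequestSignature(elt, msg, cert)) {
            // Error level, like the logout path, so a failed verification is visible in the logs.
            FSUtils.debug.error("Registration Signature failed verification");
            return null;
        }
        FSUtils.debug.message("Registration Signature successfully passed");
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            // Same guard as getRemoteProviderDescriptor; without it the trust
            // check below would fail with a NullPointerException.
            FSUtils.debug.error("Unable to get meta manager. Cannot process registration request");
            return null;
        }
        if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            FSUtils.debug.error("Remote provider not in trusted list");
            return null;
        }
        FSServiceManager instService = FSServiceManager.getInstance();
        if (instService == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSServiceManager instance is null. " + "Cannot process registration request");
            }
            return null;
        }
        FSNameRegistrationHandler regisHandler = new FSNameRegistrationHandler();
        regisHandler.setHostedDescriptor(hostedProviderDesc);
        regisHandler.setHostedDescriptorConfig(hostedConfig);
        regisHandler.setHostedEntityId(hostedEntityId);
        regisHandler.setHostedProviderRole(hostedRole);
        regisHandler.setMetaAlias(providerAlias);
        regisHandler.setRealm(realm);
        regisHandler.setRemoteDescriptor(remoteDesc);
        regisHandler.setRemoteEntityId(remoteEntityId);
        return regisHandler.processSOAPRegistrationRequest(request, response, regisRequest);
    } catch (Exception se) {
        // Name the method that actually failed; the old text pointed at the handler class.
        FSUtils.debug.error("FSSOAPReceiver.handleRegistrationRequest: Exception occured ", se);
        return null;
    }
}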

Example 44 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSSOAPReceiver method handleLogoutRequest.

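/**
 * Initiates the processing of the logout request received from a remote
 * trusted provider.
 *
 * <p>Order of checks: the remote provider's descriptor is resolved, the
 * request signature is verified against its verification certificate (skipped
 * when signing is off), a hosted meta alias is required, and the remote
 * provider must be on the trusted-provider list before any user lookup
 * happens. If the user has no local session the request is forwarded to the
 * first other server in the platform list that knows the user; otherwise it is
 * handled by the local {@link FSPreLogoutHandler}.
 *
 * @param elt containing the logout request in the XML message
 * @param logoutRequest logout notification
 * @param msgLogout logout message
 * @param request http request object
 * @param response http response object
 * @param hostedProviderDesc hosted provider meta descriptor
 * @param hostedConfig hosted provider's extended meta
 * @param providerAlias hosted provider's meta alias
 * @param realm The realm under which the entity resides.
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @return null if error in processing, or Map containing two
 * keys, MESSAGE for SOAPMessage object and USERID for userID string
 */
private Map handleLogoutRequest(Element elt, FSLogoutNotification logoutRequest, SOAPMessage msgLogout, HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String providerAlias, String realm, String hostedEntityId, String hostedRole) {
    try {
        String remoteEntityId = logoutRequest.getProviderId();
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        // A hosted SP talks to a remote IDP, so the remote's certificate is an IDP one.
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        X509Certificate remoteCert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        if (FSServiceUtils.isSigningOn() && !verifyRequestSignature(elt, msgLogout, remoteCert)) {
            FSUtils.debug.error("Logout Signature failed verification");
            return null;
        }
        FSUtils.debug.message("Logout Signature successfully verified");
        if (providerAlias == null || providerAlias.length() < 1) {
            FSUtils.debug.message("Unable to retrieve alias, " + "Hosted Provider Cannot process logout request");
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Completed forming request FSLogoutNotification");
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            // Same guard as getRemoteProviderDescriptor; without it the trust
            // check below would fail with a NullPointerException.
            FSUtils.debug.error("Unable to get meta manager. Cannot process logout request");
            return null;
        }
        if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            FSUtils.debug.message("Remote provider not in trusted list");
            return null;
        }
        String userID = FSLogoutUtil.getUserFromRequest(logoutRequest, realm, hostedEntityId, hostedRole, hostedConfig, providerAlias);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + " found user Id = " + userID);
        }
        // Call SP Adapter preSingleLogoutProcess for IDP/SOAP
        if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
            if (spAdapter != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver, " + "call preSingleLogoutProcess, IDP/SOAP");
                }
                try {
                    spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, logoutRequest, null, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                } catch (Exception e) {
                    // Adapter failures must not block the logout; log and carry on.
                    FSUtils.debug.error("preSingleLogoutProcess." + "IDP/SOAP", e);
                }
            }
        }
        // TODO : change to use FSLogoutUtil.liveConnectionsExist
        if (!isUserExists(userID, providerAlias)) {
            // No local session for this user: look for it on the other servers
            // of the platform and forward the logout to the one that has it.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: User " + "does not exist locally. Finding remotely");
            }
            List platformList = null;
            try {
                platformList = SystemConfigurationUtil.getServerList();
            } catch (SystemConfigurationException se) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Couldn't find remote server:", se);
                }
            }
            if (platformList == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "platformList is null");
                }
                return null;
            }
            for (Object serverObj : platformList) {
                String remoteServerURL = (String) serverObj;
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "remoteServerURL = " + remoteServerURL + " and self serverUrl =" + FSServiceUtils.getBaseURL());
                }
                // Skip this server: the local lookup above already failed.
                if ((FSServiceUtils.getBaseURL()).equalsIgnoreCase(remoteServerURL)) {
                    continue;
                }
                FSAssertionManagerClient amc = new FSAssertionManagerClient(providerAlias, getFullServiceURL(remoteServerURL));
                if (!amc.isUserExists(userID)) {
                    continue;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "user found here =" + remoteServerURL);
                }
                StringBuffer remoteURL = new StringBuffer();
                remoteURL.append(remoteServerURL).append(SystemConfigurationUtil.getProperty("com.iplanet.am.services." + "deploymentDescriptor")).append(IFSConstants.SOAP_END_POINT_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
                FSSOAPService instSOAP = FSSOAPService.getInstance();
                if (instSOAP == null) {
                    return null;
                }
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Forward logout request to " + remoteURL.toString());
                    }
                    SOAPMessage retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteURL.toString());
                    return buildLogoutResultMap(retSOAPMessage, userID);
                } catch (SOAPException e) {
                    FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                    return null;
                }
            }
            // Not found on any other server either: fall through and let the
            // local pre-logout handler deal with the request.
        }
        FSServiceManager instService = FSServiceManager.getInstance();
        if (instService == null) {
            FSUtils.debug.message("FSServiceManager instance is" + "null. Cannot process logout request");
            return null;
        }
        FSPreLogoutHandler logoutHandler = instService.getPreLogoutHandler();
        if (logoutHandler == null) {
            FSUtils.debug.error("Unable to get PreLogoutHandler");
            FSUtils.debug.error("Cannot process request");
            return null;
        }
        logoutHandler.setHostedDescriptor(hostedProviderDesc);
        logoutHandler.setHostedDescriptorConfig(hostedConfig);
        logoutHandler.setHostedEntityId(hostedEntityId);
        logoutHandler.setHostedProviderRole(hostedRole);
        logoutHandler.setMetaAlias(providerAlias);
        logoutHandler.setRealm(realm);
        logoutHandler.setRemoteDescriptor(remoteDesc);
        logoutHandler.setRemoteEntityId(remoteEntityId);
        logoutHandler.setLogoutRequest(logoutRequest);
        FSLogoutStatus bProcessStatus = logoutHandler.processSingleLogoutRequest(logoutRequest);
        String status = bProcessStatus.getStatus();
        if (status.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            // An empty SOAP message is the success reply for the SOAP logout profile.
            MessageFactory factory = MessageFactory.newInstance();
            SOAPMessage successSOAP = factory.createMessage();
            return buildLogoutResultMap(successSOAP, userID);
        }
        if (status.equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
            SOAPMessage retSOAPMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
            return buildLogoutResultMap(retSOAPMessage, userID);
        }
        return null;
    } catch (Exception se) {
        FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed", se);
        return null;
    }
}

/**
 * Packs a SOAP reply into the result map returned by
 * {@link #handleLogoutRequest}.
 *
 * @param message SOAP reply to hand back to the caller
 * @param userID user the logout applied to; left out of the map when {@code null}
 * @return {@code null} when {@code message} is {@code null}, otherwise a map
 *         with {@code MESSAGE} and, when known, {@code USERID}
 */
private Map buildLogoutResultMap(SOAPMessage message, String userID) {
    if (message == null) {
        return null;
    }
    Map map = new HashMap();
    map.put(MESSAGE, message);
    if (userID != null) {
        map.put(USERID, userID);
    }
    return map;
}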

Example 45 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSDefaultRealmAttributePlugin method getAttributeStatements.

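/**
 * Returns list of <code>AttributeStatement</code>s by using attribute
 * map defined in the configuration.
 *
 * <p>The attribute map is read from the hosted IDP's extended metadata
 * ({@code IFSConstants.IDP_ATTRIBUTE_MAP}). Each configured attribute whose
 * value {@code getAttributeValue} can resolve from the session {@code token}
 * becomes a SAML {@link Attribute}; all of them are placed in a single
 * {@link AttributeStatement} for {@code subject}. A statement is built even
 * when no value resolved (the attribute list is then empty).
 *
 * @param realm The realm under which the entity resides.
 * @param hostEntityId Hosted identity provider entity id.
 * @param remoteEntityID Remote provider's entity id (not consulted by this plugin).
 * @param subject Subject subject of the authenticated principal.
 * @param token user's session.
 * @return list holding one SAML <code>AttributeStatement</code>; {@code null}
 *         when the metadata lookup throws or no attribute map is configured;
 *         an empty list when building the statement throws
 *         {@code SAMLException}
 */
public List getAttributeStatements(String realm, String hostEntityId, String remoteEntityID, FSSubject subject, Object token) {
    FSUtils.debug.message("FSDefaultAttributePlugin.getAttributeStatements");
    Map attributeMap = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
            if (idpConfig != null) {
                Map attributes = IDFFMetaUtils.getAttributes(idpConfig);
                // A missing attribute set is treated like a missing map rather
                // than letting a NullPointerException escape this method.
                if (attributes != null) {
                    attributeMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.IDP_ATTRIBUTE_MAP));
                }
            }
        }
    } catch (IDFFMetaException me) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: meta exception.", me);
        return null;
    }
    if (attributeMap == null || attributeMap.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration is empty.");
        }
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration: " + attributeMap);
    }
    List statements = new ArrayList();
    List attributes = new ArrayList();
    try {
        for (Object entryObj : attributeMap.entrySet()) {
            Map.Entry entry = (Map.Entry) entryObj;
            String attributeName = (String) entry.getKey();
            // Attributes whose value cannot be resolved are left out of the statement.
            String attributeValue = getAttributeValue(token, (String) entry.getValue());
            if (attributeValue != null) {
                attributes.add(new Attribute(attributeName, SAMLConstants.assertionSAMLNameSpaceURI, attributeValue));
            }
        }
        AttributeStatement statement = new AttributeStatement(subject, attributes);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: attribute statement: " + statement.toString());
        }
        statements.add(statement);
        return statements;
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: SAML Exception", ex);
    }
    return new ArrayList();
}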
