use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.
the class FSDiscoveryBootStrap method getResourceOffering.
/**
* Gets the discovery bootstrap resource offering for the user.
* @return Document Discovery Resource Offering in an attribute statement
* @exception FSException if there's any failure.
*/
private Document getResourceOffering(FSSubject libSubject, AuthnContext authnContext, String userID, String wscID, String realm) throws FSException {
FSUtils.debug.message("FSDiscoveryBootStrap.getResourceOffering:Init");
StringBuffer sb = new StringBuffer(300);
sb.append("<").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue").append(SAMLConstants.assertionDeclareStr).append(">").append(SAMLConstants.NL);
DiscoEntryElement discoEntry = DiscoServiceManager.getBootstrappingDiscoEntry();
if (discoEntry == null) {
throw new FSException("nullDiscoveryOffering", null);
}
try {
ResourceOfferingType offering = discoEntry.getResourceOffering();
ServiceInstanceType serviceInstance = offering.getServiceInstance();
String providerID = serviceInstance.getProviderID();
if (!DiscoServiceManager.useImpliedResource()) {
ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
if (idMapper == null) {
idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
}
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
String resourceIDValue = idMapper.getResourceID(providerID, userID);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSDiscoveryBootStrap.getResource" + "Offering: ResourceID Value:" + resourceIDValue);
}
resourceID.setValue(resourceIDValue);
offering.setResourceID(resourceID);
} else {
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
resourceID.setValue(DiscoConstants.IMPLIED_RESOURCE);
offering.setResourceID(resourceID);
}
List discoEntryList = new ArrayList();
discoEntryList.add(discoEntry);
SessionSubject sessionSubject = null;
if (DiscoServiceManager.encryptNIinSessionContext()) {
sessionSubject = new SessionSubject(EncryptedNameIdentifier.getEncryptedNameIdentifier(libSubject.getNameIdentifier(), realm, providerID), libSubject.getSubjectConfirmation(), libSubject.getIDPProvidedNameIdentifier());
} else {
sessionSubject = new SessionSubject(libSubject.getNameIdentifier(), libSubject.getSubjectConfirmation(), libSubject.getIDPProvidedNameIdentifier());
}
SessionContext invocatorSession = new SessionContext(sessionSubject, authnContext, providerID);
Map map = DiscoUtils.checkPolicyAndHandleDirectives(userID, null, discoEntryList, null, invocatorSession, wscID, _ssoToken);
List offerings = (List) map.get(DiscoUtils.OFFERINGS);
if (offerings.isEmpty()) {
FSUtils.debug.message("FSDiscoBootStrap.getResourceOffering:no ResourceOffering");
throw new FSException("nullDiscoveryOffering", null);
}
ResourceOffering resourceOffering = (ResourceOffering) offerings.get(0);
_assertions = (List) map.get(DiscoUtils.CREDENTIALS);
if ((_assertions != null) && (_assertions.size() != 0)) {
_hasCredentials = true;
}
sb.append(resourceOffering.toString());
sb.append("</").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue>");
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSDiscoveryBootStap.getResourceOffering:Resource Offering:" + sb.toString());
}
return XMLUtils.toDOMDocument(sb.toString(), null);
} catch (Exception ex) {
FSUtils.debug.error("FSDiscoveryBootStrap.getResourceOffering:" + "Exception while creating resource offering.", ex);
throw new FSException(ex);
}
}
use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.
the class LibertyManagerClient method getDiscoveryResourceOffering.
/**
* Returns the discovery service bootstrap resource offering.
* @param token Single Sign On Token.
* @param hostProviderID Hosted <code>ProviderID</code>.
* @return <code>ResourceOffering</code> Discovery Service bootstrap
* resource offering.
* @exception FSException if any failure.
*/
public ResourceOffering getDiscoveryResourceOffering(Object token, String hostProviderID) throws FSException {
try {
SessionProvider sessionProvider = SessionManager.getProvider();
String tokenID = sessionProvider.getSessionID(token);
String cacheKey = tokenID + DISCO_RO;
ResourceOffering ro = (ResourceOffering) bootStrapCache.get(cacheKey);
if (ro != null) {
return ro;
}
String[] objs = { tokenID, hostProviderID };
String resourceOffering = (String) client.send("getDiscoveryResourceOffering", objs, null, null);
if ((resourceOffering == null) || (resourceOffering.length() == 0)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: ResouceOffering is null or empty");
}
return null;
}
Document doc = XMLUtils.toDOMDocument(resourceOffering, FSUtils.debug);
ro = new ResourceOffering(doc.getDocumentElement());
sessionProvider.addListener(token, new LibertyClientSSOTokenListener());
bootStrapCache.put(cacheKey, ro);
return ro;
} catch (SessionException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: InvalidSessionToken", se);
}
throw new FSException(FSUtils.bundle.getString("invalidSSOToken"));
} catch (DiscoveryException de) {
FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: Invalid ResourceOffering", de);
throw new FSException(FSUtils.bundle.getString("invalidResourceOffering"));
} catch (Exception ex) {
FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: SOAPClient Exception", ex);
throw new FSException(FSUtils.bundle.getString("soapException"));
}
}
use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.
the class DiscoUtils method checkPolicyAndHandleDirectives.
/**
* Checks policy and returns resource offerings and credentials.
* @param userDN user DN
* @param message soap request <code>Message</code> received.
* @param results <code>Collection</code> of <code>InsertEntryType</code>
* objects.
* @param authorizer <code>Authorizer</code> object.
* @param invoSession <code>SessionContext</code>
* @param wscID web service client ID.
* @param token token of this soap session.
* @return Map of following key value pairs:
* <pre>
* Key: <code>OFFERINGS</code>
* Value: List of <code>ResourceOffering</code>s
* Key: <code>CREDENTIALS</code>
* Value: List of credentials (<code>Assertion</code>s)
* </pre>
*/
public static Map checkPolicyAndHandleDirectives(String userDN, Message message, Collection results, Authorizer authorizer, SessionContext invoSession, String wscID, Object token) {
DiscoUtils.debug.message("DiscoService.checkPolicyAndHandleDirectives");
List offerings = new LinkedList();
List credentials = new LinkedList();
Map env = null;
Iterator k = results.iterator();
while (k.hasNext()) {
InsertEntryType entry = (InsertEntryType) k.next();
if (authorizer != null) {
if (env == null) {
env = new HashMap();
env.put(Authorizer.USER_ID, userDN);
env.put(Authorizer.AUTH_TYPE, message.getAuthenticationMechanism());
env.put(Authorizer.MESSAGE, message);
}
if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_LOOKUP, entry.getResourceOffering(), env)) {
DiscoUtils.debug.error("DiscoveryService.checkPolicyAndHan" + "dleDirectives: WSC is not authorized to do lookup");
continue;
}
}
ResourceOffering current = null;
try {
current = new ResourceOffering(Utils.convertJAXBToElement(entry.getResourceOffering(), false));
} catch (Exception ex) {
DiscoUtils.debug.error("DiscoveryService.checkPolicyAndHandle" + "Directives:exception when constructing ResourceOffering:", ex);
continue;
}
List directives = entry.getAny();
if ((directives == null) || directives.isEmpty()) {
DiscoUtils.debug.message("DiscoService: no directives.");
offerings.add(current);
} else {
DiscoUtils.debug.message("DiscoService: has directives.");
handleDirectives(current, directives, userDN, message, invoSession, wscID, token, offerings, credentials);
}
}
Map returnMap = new HashMap();
returnMap.put(OFFERINGS, offerings);
returnMap.put(CREDENTIALS, credentials);
return returnMap;
}
use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.
the class AuthnSvcUtils method setResourceOfferingAndCredentials.
/**
* Sets resource offering and credentials to the SASL response based on
* provided sso token.
* @param saslResp a SASL response
* @param message a SOAP message containing a SASL request
* @param userDN Distinguished Name of the User.
* @return <code>true</code> if it sets correctly
*/
public static boolean setResourceOfferingAndCredentials(SASLResponse saslResp, Message message, String userDN) {
try {
DiscoEntryElement discoEntry = (DiscoEntryElement) DiscoServiceManager.getBootstrappingDiscoEntry();
ResourceOfferingType offering = discoEntry.getResourceOffering();
if (!DiscoServiceManager.useImpliedResource()) {
ServiceInstanceType serviceInstance = offering.getServiceInstance();
String providerID = serviceInstance.getProviderID();
ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
if (idMapper == null) {
idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
}
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
String resourceIDValue = idMapper.getResourceID(providerID, userDN);
if (AuthnSvcUtils.debug.messageEnabled()) {
AuthnSvcUtils.debug.message("AuthnSvcUtils.setResourceOfferingAndCredentials" + "Offering: ResourceID Value:" + resourceIDValue);
}
resourceID.setValue(resourceIDValue);
offering.setResourceID(resourceID);
} else {
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
resourceID.setValue(DiscoConstants.IMPLIED_RESOURCE);
offering.setResourceID(resourceID);
}
List discoEntryList = new ArrayList();
discoEntryList.add(discoEntry);
Map map = DiscoUtils.checkPolicyAndHandleDirectives(userDN, message, discoEntryList, null, null, null, message.getToken());
List offerings = (List) map.get(DiscoUtils.OFFERINGS);
if (offerings.isEmpty()) {
if (AuthnSvcUtils.debug.messageEnabled()) {
AuthnSvcUtils.debug.message("AuthnSvcUtils.setResourceOfferingAndCredentials" + "no ResourceOffering");
}
return false;
}
ResourceOffering ro = (ResourceOffering) offerings.get(0);
saslResp.setResourceOffering(ro);
List assertions = (List) map.get(DiscoUtils.CREDENTIALS);
if ((assertions != null) && (!assertions.isEmpty())) {
Iterator iter = assertions.iterator();
List credentials = new ArrayList();
while (iter.hasNext()) {
SecurityAssertion assertion = (SecurityAssertion) iter.next();
Document doc = XMLUtils.toDOMDocument(assertion.toString(true, true), AuthnSvcUtils.debug);
credentials.add(doc.getDocumentElement());
}
saslResp.setCredentials(credentials);
}
return true;
} catch (Exception ex) {
debug.error("AuthnSvcUtils.setResourceOfferingAndCredentials:", ex);
return false;
}
}
use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.
the class MessageProcessor method secureRequest.
/**
* Secures the request by getting the credential from the discovery
* service.
*
* @param offering Resource Offering of the discovery service.
* @param credentials List of credentials that are required to access
* the discovery service.
* @param serviceType Service Type that the discovery service should
* need to look for.
* @param soapMessage SOAPMessage that needs to be secured.
* @param sharedData Any shared data that may be used between the request
* and the response.
* @return SOAPMessage Secured SOAP Message.
* @throws SOAPBindingException for any failure.
*/
public SOAPMessage secureRequest(ResourceOffering offering, List credentials, String serviceType, SOAPMessage soapMessage, Map sharedData) throws SOAPBindingException {
Utils.debug.message("MessageProcessor.secureRequest:Init");
try {
SOAPHeader header = addCorrelationHeader(soapMessage, null);
QueryResponse discoResponse = getWebserviceOffering(offering, credentials, serviceType);
if (Utils.debug.messageEnabled()) {
Utils.debug.message("MessageProcessor.secureRequest: " + "Discovery Response: " + discoResponse.toString());
}
ResourceOffering serviceOffering = (ResourceOffering) discoResponse.getResourceOffering().get(0);
List creds = discoResponse.getCredentials();
String securityProfile = processResourceOffering(serviceOffering);
SecurityAssertion securityAssertion = null;
// security token for this profile.
if (securityProfile.equals(Message.NULL_SAML) || securityProfile.equals(Message.TLS_SAML) || securityProfile.equals(Message.CLIENT_TLS_SAML) || securityProfile.equals(Message.NULL_BEARER) || securityProfile.equals(Message.TLS_BEARER) || securityProfile.equals(Message.CLIENT_TLS_BEARER) || securityProfile.equals(Message.NULL_SAML_WSF11) || securityProfile.equals(Message.TLS_SAML_WSF11) || securityProfile.equals(Message.CLIENT_TLS_SAML_WSF11) || securityProfile.equals(Message.NULL_BEARER_WSF11) || securityProfile.equals(Message.TLS_BEARER_WSF11) || securityProfile.equals(Message.CLIENT_TLS_BEARER_WSF11)) {
if (creds != null && creds.size() != 0) {
securityAssertion = (SecurityAssertion) creds.get(0);
securityAssertion.addToParent(header);
}
}
if (securityProfile.equals(Message.NULL_SAML) || securityProfile.equals(Message.TLS_SAML) || securityProfile.equals(Message.CLIENT_TLS_SAML) || securityProfile.equals(Message.NULL_X509) || securityProfile.equals(Message.TLS_X509) || securityProfile.equals(Message.CLIENT_TLS_X509) || securityProfile.equals(Message.NULL_SAML_WSF11) || securityProfile.equals(Message.TLS_SAML_WSF11) || securityProfile.equals(Message.CLIENT_TLS_SAML_WSF11) || securityProfile.equals(Message.NULL_X509_WSF11) || securityProfile.equals(Message.TLS_X509_WSF11) || securityProfile.equals(Message.CLIENT_TLS_X509_WSF11)) {
soapMessage = signMessage(soapMessage, securityProfile, securityAssertion);
}
if (Utils.debug.messageEnabled()) {
Utils.debug.message("MessageProcessor.secureRequest: " + XMLUtils.print(soapMessage.getSOAPPart().getEnvelope()));
}
return soapMessage;
} catch (Exception ex) {
Utils.debug.error("MessageProcessor.secureRequest: Failure in " + "Securing the request.", ex);
throw new SOAPBindingException(Utils.bundle.getString("secureRequestFailed"));
}
}
Aggregations