
Example 1 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class FSDiscoveryBootStrap method getResourceOffering.

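/**
 * Builds the discovery bootstrap resource offering for the user, wrapped in a
 * SAML {@code AttributeValue} element.
 * <p>
 * The bootstrapping {@code DiscoEntry} is read from {@code DiscoServiceManager};
 * its {@code ResourceID} is set either to {@code DiscoConstants.IMPLIED_RESOURCE}
 * or to the value produced by the configured (or default) {@code ResourceIDMapper}
 * for this user. The entry is then run through
 * {@code DiscoUtils.checkPolicyAndHandleDirectives} with a {@code SessionContext}
 * built from the subject, and the first returned offering is serialized.
 * As a side effect, {@code _assertions} is replaced with the credentials returned
 * by the directive handling and {@code _hasCredentials} is set when that list is
 * non-empty.
 *
 * @param libSubject   subject whose name identifier and confirmation go into the
 *                     session context
 * @param authnContext authentication context placed in the session context
 * @param userID       user the resource ID is mapped for
 * @param wscID        web service client ID passed to the policy check
 * @param realm        realm used when the name identifier is encrypted
 * @return Document Discovery Resource Offering in an attribute statement
 * @exception FSException if no bootstrapping entry is configured, no offering
 *  survives the policy check, or any other failure occurs.
 */
private Document getResourceOffering(FSSubject libSubject, AuthnContext authnContext, String userID, String wscID, String realm) throws FSException {
    FSUtils.debug.message("FSDiscoveryBootStrap.getResourceOffering:Init");
    DiscoEntryElement discoEntry = DiscoServiceManager.getBootstrappingDiscoEntry();
    if (discoEntry == null) {
        throw new FSException("nullDiscoveryOffering", null);
    }
    try {
        ResourceOfferingType offering = discoEntry.getResourceOffering();
        ServiceInstanceType serviceInstance = offering.getServiceInstance();
        String providerID = serviceInstance.getProviderID();
        // Pick the resource ID value first; the JAXB ResourceID object is built
        // once below regardless of which branch produced the value.
        String resourceIDValue;
        if (DiscoServiceManager.useImpliedResource()) {
            resourceIDValue = DiscoConstants.IMPLIED_RESOURCE;
        } else {
            ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
            if (idMapper == null) {
                idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
            }
            resourceIDValue = idMapper.getResourceID(providerID, userID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDiscoveryBootStrap.getResource" + "Offering: ResourceID Value:" + resourceIDValue);
            }
        }
        // NOTE(review): the offering is mutated in place with a per-user value.
        // If getBootstrappingDiscoEntry() returns a shared/cached instance,
        // concurrent requests could race on this ResourceID — confirm that the
        // entry is created per call.
        ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
        ResourceIDType resourceID = fac.createResourceIDType();
        resourceID.setValue(resourceIDValue);
        offering.setResourceID(resourceID);

        // Session context describing the invoking user; the name identifier is
        // encrypted when the discovery service is configured to require it.
        SessionSubject sessionSubject;
        if (DiscoServiceManager.encryptNIinSessionContext()) {
            sessionSubject = new SessionSubject(
                    EncryptedNameIdentifier.getEncryptedNameIdentifier(libSubject.getNameIdentifier(), realm, providerID),
                    libSubject.getSubjectConfirmation(),
                    libSubject.getIDPProvidedNameIdentifier());
        } else {
            sessionSubject = new SessionSubject(
                    libSubject.getNameIdentifier(),
                    libSubject.getSubjectConfirmation(),
                    libSubject.getIDPProvidedNameIdentifier());
        }
        SessionContext invocatorSession = new SessionContext(sessionSubject, authnContext, providerID);

        // No Authorizer is passed, so checkPolicyAndHandleDirectives performs no
        // lookup authorization here; it only evaluates the entry's directives.
        List discoEntryList = new ArrayList();
        discoEntryList.add(discoEntry);
        Map map = DiscoUtils.checkPolicyAndHandleDirectives(userID, null, discoEntryList, null, invocatorSession, wscID, _ssoToken);
        List offerings = (List) map.get(DiscoUtils.OFFERINGS);
        if ((offerings == null) || offerings.isEmpty()) {
            FSUtils.debug.message("FSDiscoBootStrap.getResourceOffering:no ResourceOffering");
            throw new FSException("nullDiscoveryOffering", null);
        }
        ResourceOffering resourceOffering = (ResourceOffering) offerings.get(0);
        _assertions = (List) map.get(DiscoUtils.CREDENTIALS);
        if ((_assertions != null) && !_assertions.isEmpty()) {
            _hasCredentials = true;
        }

        // Wrap the serialized offering in an AttributeValue element. The content
        // comes from this server's own ResourceOffering serialization, not from
        // the caller, so no escaping is applied here.
        StringBuilder sb = new StringBuilder(300);
        sb.append("<").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue").append(SAMLConstants.assertionDeclareStr).append(">").append(SAMLConstants.NL);
        sb.append(resourceOffering.toString());
        sb.append("</").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue>");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDiscoveryBootStap.getResourceOffering:Resource Offering:" + sb.toString());
        }
        return XMLUtils.toDOMDocument(sb.toString(), null);
    } catch (Exception ex) {
        // Boundary catch: the FSException thrown above for a missing offering is
        // rewrapped here as well, exactly as before. The cause is preserved.
        FSUtils.debug.error("FSDiscoveryBootStrap.getResourceOffering:" + "Exception while creating resource offering.", ex);
        throw new FSException(ex);
    }
}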
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) ArrayList(java.util.ArrayList) DiscoEntryElement(com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement) FSException(com.sun.identity.federation.common.FSException) ResourceIDMapper(com.sun.identity.liberty.ws.interfaces.ResourceIDMapper) FSException(com.sun.identity.federation.common.FSException) ArrayList(java.util.ArrayList) List(java.util.List) Map(java.util.Map)

Example 2 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class LibertyManagerClient method getDiscoveryResourceOffering.

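/**
 * Returns the discovery service bootstrap resource offering.
 * <p>
 * The offering is cached per session under {@code tokenID + DISCO_RO}; a cache
 * hit is returned without contacting the server. On a miss the offering is
 * fetched via {@code client.send("getDiscoveryResourceOffering", ...)}, parsed,
 * stored in the cache, and a {@code LibertyClientSSOTokenListener} is registered
 * on the session (presumably to evict the entry when the session ends — the
 * listener's behaviour is not visible here; verify).
 *
 * @param token Single Sign On Token.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return <code>ResourceOffering</code> Discovery Service bootstrap
 *  resource offering, or {@code null} if the server returned no offering.
 * @exception FSException if the session token is invalid, the returned
 *  offering cannot be parsed, or the remote call fails.
 */
public ResourceOffering getDiscoveryResourceOffering(Object token, String hostProviderID) throws FSException {
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String tokenID = sessionProvider.getSessionID(token);
        String cacheKey = tokenID + DISCO_RO;
        ResourceOffering cached = (ResourceOffering) bootStrapCache.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        String[] objs = { tokenID, hostProviderID };
        String resourceOffering = (String) client.send("getDiscoveryResourceOffering", objs, null, null);
        if ((resourceOffering == null) || (resourceOffering.length() == 0)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: ResouceOffering is null or empty");
            }
            return null;
        }
        Document doc = XMLUtils.toDOMDocument(resourceOffering, FSUtils.debug);
        if (doc == null) {
            // An unparseable response is an invalid offering; without this check
            // the NullPointerException below would be reported as a SOAP client
            // failure, hiding the real cause.
            FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: Invalid ResourceOffering");
            throw new FSException(FSUtils.bundle.getString("invalidResourceOffering"));
        }
        ResourceOffering ro = new ResourceOffering(doc.getDocumentElement());
        sessionProvider.addListener(token, new LibertyClientSSOTokenListener());
        bootStrapCache.put(cacheKey, ro);
        return ro;
    } catch (FSException fe) {
        // Raised above for an unparseable offering; already logged, pass it through
        // rather than letting the generic handler relabel it as a SOAP failure.
        throw fe;
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: InvalidSessionToken", se);
        }
        throw new FSException(FSUtils.bundle.getString("invalidSSOToken"));
    } catch (DiscoveryException de) {
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: Invalid ResourceOffering", de);
        throw new FSException(FSUtils.bundle.getString("invalidResourceOffering"));
    } catch (Exception ex) {
        // Boundary catch for the remote call; the cause is logged but not
        // attached to the FSException (constructor with a cause not used here).
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: SOAPClient Exception", ex);
        throw new FSException(FSUtils.bundle.getString("soapException"));
    }
}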
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) FSException(com.sun.identity.federation.common.FSException) SessionException(com.sun.identity.plugin.session.SessionException) Document(org.w3c.dom.Document) DiscoveryException(com.sun.identity.liberty.ws.disco.DiscoveryException) DiscoveryException(com.sun.identity.liberty.ws.disco.DiscoveryException) SessionException(com.sun.identity.plugin.session.SessionException) FSException(com.sun.identity.federation.common.FSException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 3 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class DiscoUtils method checkPolicyAndHandleDirectives.

/**
 * Checks policy and returns resource offerings and credentials.
 * <p>
 * Each {@code InsertEntryType} in {@code results} is first authorized for
 * {@code DiscoConstants.ACTION_LOOKUP} when an {@code authorizer} is supplied
 * (entries failing the check are logged and dropped; with a {@code null}
 * authorizer no authorization is performed at all). The entry's offering is
 * then converted to a {@code ResourceOffering}; entries that fail conversion
 * are logged and skipped. Offerings without directives are returned directly,
 * the rest are passed to {@code handleDirectives}, which decides what ends up
 * in the offerings and credentials lists.
 *
 * @param userDN user DN
 * @param message soap request <code>Message</code> received. Read only when an
 *  authorizer is present (assumed non-null in that case).
 * @param results <code>Collection</code> of <code>InsertEntryType</code>
 *  objects.
 * @param authorizer <code>Authorizer</code> object, may be {@code null}.
 * @param invoSession <code>SessionContext</code>
 * @param wscID web service client ID.
 * @param token token of this soap session.
 * @return Map of following key value pairs:
 *  <pre>
 *  Key: <code>OFFERINGS</code>
 *  Value: List of <code>ResourceOffering</code>s
 *  Key: <code>CREDENTIALS</code>
 *  Value: List of credentials (<code>Assertion</code>s)
 *  </pre>
 */
public static Map checkPolicyAndHandleDirectives(String userDN, Message message, Collection results, Authorizer authorizer, SessionContext invoSession, String wscID, Object token) {
    DiscoUtils.debug.message("DiscoService.checkPolicyAndHandleDirectives");
    List offerings = new LinkedList();
    List credentials = new LinkedList();
    // Authorization environment, built once on first use.
    Map authzEnv = null;
    for (Object item : results) {
        InsertEntryType entry = (InsertEntryType) item;
        if (authorizer != null) {
            if (authzEnv == null) {
                authzEnv = new HashMap();
                authzEnv.put(Authorizer.USER_ID, userDN);
                authzEnv.put(Authorizer.AUTH_TYPE, message.getAuthenticationMechanism());
                authzEnv.put(Authorizer.MESSAGE, message);
            }
            boolean lookupAllowed = authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_LOOKUP, entry.getResourceOffering(), authzEnv);
            if (!lookupAllowed) {
                DiscoUtils.debug.error("DiscoveryService.checkPolicyAndHan" + "dleDirectives: WSC is not authorized to do lookup");
                continue;
            }
        }
        ResourceOffering current;
        try {
            current = new ResourceOffering(Utils.convertJAXBToElement(entry.getResourceOffering(), false));
        } catch (Exception ex) {
            DiscoUtils.debug.error("DiscoveryService.checkPolicyAndHandle" + "Directives:exception when constructing ResourceOffering:", ex);
            continue;
        }
        List directives = entry.getAny();
        boolean hasDirectives = (directives != null) && !directives.isEmpty();
        if (hasDirectives) {
            DiscoUtils.debug.message("DiscoService: has directives.");
            handleDirectives(current, directives, userDN, message, invoSession, wscID, token, offerings, credentials);
        } else {
            DiscoUtils.debug.message("DiscoService: no directives.");
            offerings.add(current);
        }
    }
    Map result = new HashMap();
    result.put(OFFERINGS, offerings);
    result.put(CREDENTIALS, credentials);
    return result;
}
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) HashMap(java.util.HashMap) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) LinkedList(java.util.LinkedList) DiscoveryException(com.sun.identity.liberty.ws.disco.DiscoveryException)

Example 4 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class AuthnSvcUtils method setResourceOfferingAndCredentials.

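/**
 * Sets resource offering and credentials to the SASL response based on
 * provided sso token.
 * <p>
 * The bootstrapping {@code DiscoEntry} from {@code DiscoServiceManager} gets its
 * {@code ResourceID} set (implied resource, or the mapper's value for
 * {@code userDN}), is run through {@code DiscoUtils.checkPolicyAndHandleDirectives}
 * using the token carried by {@code message}, and the first resulting offering
 * is placed on {@code saslResp}. Any returned credentials are serialized to DOM
 * elements and set on the response as well. Every failure is logged and reported
 * as {@code false}; no exception escapes.
 *
 * @param saslResp a SASL response
 * @param message a SOAP message containing a SASL request
 * @param userDN Distinguished Name of the User.
 * @return <code>true</code> if it sets correctly
 */
public static boolean setResourceOfferingAndCredentials(SASLResponse saslResp, Message message, String userDN) {
    try {
        DiscoEntryElement discoEntry = (DiscoEntryElement) DiscoServiceManager.getBootstrappingDiscoEntry();
        if (discoEntry == null) {
            // Previously surfaced as a NullPointerException in the catch below.
            AuthnSvcUtils.debug.error("AuthnSvcUtils.setResourceOfferingAndCredentials:" + " no bootstrapping DiscoEntry configured");
            return false;
        }
        ResourceOfferingType offering = discoEntry.getResourceOffering();
        // Pick the resource ID value first; the JAXB ResourceID object is built
        // once below regardless of which branch produced the value.
        String resourceIDValue;
        if (DiscoServiceManager.useImpliedResource()) {
            resourceIDValue = DiscoConstants.IMPLIED_RESOURCE;
        } else {
            ServiceInstanceType serviceInstance = offering.getServiceInstance();
            String providerID = serviceInstance.getProviderID();
            ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
            if (idMapper == null) {
                idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
            }
            resourceIDValue = idMapper.getResourceID(providerID, userDN);
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("AuthnSvcUtils.setResourceOfferingAndCredentials" + "Offering: ResourceID Value:" + resourceIDValue);
            }
        }
        // NOTE(review): the offering is mutated in place with a per-user value.
        // If getBootstrappingDiscoEntry() returns a shared/cached instance,
        // concurrent requests could race on this ResourceID — confirm that the
        // entry is created per call.
        ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
        ResourceIDType resourceID = fac.createResourceIDType();
        resourceID.setValue(resourceIDValue);
        offering.setResourceID(resourceID);

        // No Authorizer is passed, so no lookup authorization is performed here;
        // only the entry's directives are evaluated.
        List discoEntryList = new ArrayList();
        discoEntryList.add(discoEntry);
        Map map = DiscoUtils.checkPolicyAndHandleDirectives(userDN, message, discoEntryList, null, null, null, message.getToken());
        List offerings = (List) map.get(DiscoUtils.OFFERINGS);
        if ((offerings == null) || offerings.isEmpty()) {
            if (AuthnSvcUtils.debug.messageEnabled()) {
                AuthnSvcUtils.debug.message("AuthnSvcUtils.setResourceOfferingAndCredentials" + "no ResourceOffering");
            }
            return false;
        }
        ResourceOffering ro = (ResourceOffering) offerings.get(0);
        // The offering is set before the credentials are converted; if the
        // conversion below fails, saslResp already carries the offering but the
        // method still returns false (unchanged from the original ordering).
        saslResp.setResourceOffering(ro);
        List assertions = (List) map.get(DiscoUtils.CREDENTIALS);
        if ((assertions != null) && !assertions.isEmpty()) {
            List credentials = new ArrayList(assertions.size());
            for (Object item : assertions) {
                SecurityAssertion assertion = (SecurityAssertion) item;
                // toDOMDocument is assumed to return a document here; a null
                // result would be caught below and reported as false.
                Document doc = XMLUtils.toDOMDocument(assertion.toString(true, true), AuthnSvcUtils.debug);
                credentials.add(doc.getDocumentElement());
            }
            saslResp.setCredentials(credentials);
        }
        return true;
    } catch (Exception ex) {
        debug.error("AuthnSvcUtils.setResourceOfferingAndCredentials:", ex);
        return false;
    }
}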
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) ResourceOfferingType(com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType) ArrayList(java.util.ArrayList) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) Document(org.w3c.dom.Document) DiscoEntryElement(com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement) ServiceInstanceType(com.sun.identity.liberty.ws.disco.jaxb.ServiceInstanceType) ResourceIDMapper(com.sun.identity.liberty.ws.interfaces.ResourceIDMapper) ObjectFactory(com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) ResourceIDType(com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType) Map(java.util.Map)

Example 5 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class MessageProcessor method secureRequest.

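/**
 * Secures the request by getting the credential from the discovery
 * service.
 * <p>
 * A correlation header is added, the discovery service is queried for the
 * target service's offering, and the offering's security profile decides what
 * happens next: for SAML and bearer profiles the first returned credential is
 * added to the header; for SAML and X.509 profiles the message is then signed.
 * Profiles that are neither (e.g. bearer-only) are returned with only the
 * credential added. An unrecognised ({@code null}) profile is treated as a
 * failure so that an unsecured message is never returned.
 *
 * @param offering Resource Offering of the discovery service.
 * @param credentials List of credentials that are required to access
 *        the discovery service.
 * @param serviceType Service Type that the discovery service should
 *        need to look for.
 * @param soapMessage SOAPMessage that needs to be secured.
 * @param sharedData Any shared data that may be used between the request
 *        and the response. Not read by this method.
 * @return SOAPMessage Secured SOAP Message.
 * @throws SOAPBindingException for any failure.
 */
public SOAPMessage secureRequest(ResourceOffering offering, List credentials, String serviceType, SOAPMessage soapMessage, Map sharedData) throws SOAPBindingException {
    Utils.debug.message("MessageProcessor.secureRequest:Init");
    try {
        SOAPHeader header = addCorrelationHeader(soapMessage, null);
        QueryResponse discoResponse = getWebserviceOffering(offering, credentials, serviceType);
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("MessageProcessor.secureRequest: " + "Discovery Response: " + discoResponse.toString());
        }
        // An empty offering list throws here and is reported as a failure below.
        ResourceOffering serviceOffering = (ResourceOffering) discoResponse.getResourceOffering().get(0);
        List creds = discoResponse.getCredentials();
        String securityProfile = processResourceOffering(serviceOffering);
        if (securityProfile == null) {
            // Fail closed: without a profile neither branch below would run and
            // the message would be returned unsecured.
            throw new IllegalStateException("MessageProcessor.secureRequest: no security profile for service offering");
        }
        SecurityAssertion securityAssertion = null;
        // security token for this profile.
        if (carriesSecurityToken(securityProfile)) {
            // With no credentials the assertion stays null and, for signing
            // profiles, signMessage receives null (unchanged behaviour).
            if (creds != null && !creds.isEmpty()) {
                securityAssertion = (SecurityAssertion) creds.get(0);
                securityAssertion.addToParent(header);
            }
        }
        // Sign after the correlation header and token are in place so they are
        // covered by the signature.
        if (requiresSignature(securityProfile)) {
            soapMessage = signMessage(soapMessage, securityProfile, securityAssertion);
        }
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("MessageProcessor.secureRequest: " + XMLUtils.print(soapMessage.getSOAPPart().getEnvelope()));
        }
        return soapMessage;
    } catch (Exception ex) {
        Utils.debug.error("MessageProcessor.secureRequest: Failure in " + "Securing the request.", ex);
        throw new SOAPBindingException(Utils.bundle.getString("secureRequestFailed"));
    }
}

/**
 * Returns whether the profile carries a security token (SAML or bearer,
 * WSF 1.0 and 1.1 variants) in the SOAP header.
 *
 * @param profile security profile URI, must not be {@code null}
 * @return {@code true} for the SAML and bearer profiles
 */
private static boolean carriesSecurityToken(String profile) {
    return isOneOf(profile,
            Message.NULL_SAML, Message.TLS_SAML, Message.CLIENT_TLS_SAML,
            Message.NULL_BEARER, Message.TLS_BEARER, Message.CLIENT_TLS_BEARER,
            Message.NULL_SAML_WSF11, Message.TLS_SAML_WSF11, Message.CLIENT_TLS_SAML_WSF11,
            Message.NULL_BEARER_WSF11, Message.TLS_BEARER_WSF11, Message.CLIENT_TLS_BEARER_WSF11);
}

/**
 * Returns whether the profile requires the message to be signed (SAML or
 * X.509, WSF 1.0 and 1.1 variants).
 *
 * @param profile security profile URI, must not be {@code null}
 * @return {@code true} for the SAML and X.509 profiles
 */
private static boolean requiresSignature(String profile) {
    return isOneOf(profile,
            Message.NULL_SAML, Message.TLS_SAML, Message.CLIENT_TLS_SAML,
            Message.NULL_X509, Message.TLS_X509, Message.CLIENT_TLS_X509,
            Message.NULL_SAML_WSF11, Message.TLS_SAML_WSF11, Message.CLIENT_TLS_SAML_WSF11,
            Message.NULL_X509_WSF11, Message.TLS_X509_WSF11, Message.CLIENT_TLS_X509_WSF11);
}

/**
 * Returns whether {@code profile} equals any of {@code candidates}.
 *
 * @param profile value to look for, must not be {@code null}
 * @param candidates accepted values
 * @return {@code true} if a candidate equals {@code profile}
 */
private static boolean isOneOf(String profile, String... candidates) {
    for (String candidate : candidates) {
        if (profile.equals(candidate)) {
            return true;
        }
    }
    return false;
}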
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) QueryResponse(com.sun.identity.liberty.ws.disco.QueryResponse) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) SOAPHeader(javax.xml.soap.SOAPHeader) SOAPException(javax.xml.soap.SOAPException)
