
Example 6 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class SAML2SDKUtils method getDiscoveryBootStrapResourceOffering.

/**
     * Gets the Discovery bootstrap resource offering in an attribute
     * statement. After a single sign-on with an Identity Provider, a service
     * provider may get Discovery service Resource Offerings through a SAML2
     * assertion. This API helps in retrieving the resource offerings
     * if the user has been authenticated through the SAML2 SSO. It will
     * need to have a valid single sign on token (generated through the
     * SAML2 SSO).
     *
     * @param request <code>HttpServletRequest</code> associated with a user
     *        session.
     * @return <code>ResourceOffering</code> Discovery Resource Offering,
     *         null if there is any failure  or if there is not one
     */
public static ResourceOffering getDiscoveryBootStrapResourceOffering(HttpServletRequest request) {
    // Without a request there is no session to read the bootstrap attribute from.
    if (request == null) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getDiscoveryBootStrapResource" + "Offerings: null Input params");
        }
        return null;
    }
    try {
        SessionProvider provider = SessionManager.getProvider();
        // The offering is stored on the session as a string property and parsed as XML below.
        String[] offeringXml = provider.getProperty(provider.getSession(request), SAML2Constants.DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME);
        boolean hasOffering = (offeringXml != null) && (offeringXml.length > 0);
        // Only the first stored value is used; any further values are ignored.
        // NOTE(review): per the method's Javadoc this value comes from a SAML2 assertion, so it is
        // only as trustworthy as the assertion validation done when the session was created -
        // confirm that, and confirm XMLUtils.toDOMDocument parses with DTDs and external
        // entities disabled.
        // NOTE(review): if toDOMDocument can return null for unparsable input, the failure is
        // reported through the catch-all below as a NullPointerException - verify.
        return hasOffering
                ? new ResourceOffering(XMLUtils.toDOMDocument(offeringXml[0], debug).getDocumentElement())
                : null;
    } catch (Exception ex) {
        // Every failure (session lookup, XML parsing, offering construction) collapses to null,
        // so callers cannot tell "no offering" from "error"; the error log is the only trace.
        debug.error("SAML2Utils.getDiscoveryBootStrapResourceOfferings: " + " Exception while retrieving discovery boot strap info.", ex);
        return null;
    }
}
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) SOAPException(javax.xml.soap.SOAPException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 7 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class DiscoveryBootstrap method getResourceOffering.

/**
     * Gets the discovery bootstrap resource offering for the user.
     * @return Discovery Resource Offering String
     * @exception  SAML2Exception if there's any failure.
     */
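private String getResourceOffering(String authnContextClassRef, Subject subject, String wscID, String realm) throws SAML2Exception {
    // Builds the Discovery bootstrap ResourceOffering for the current user and returns it
    // serialized with toString().
    //   authnContextClassRef - class reference placed in the AuthnContext of the session context
    //   subject              - supplies the NameID and SubjectConfirmation for the SessionSubject
    //   wscID                - passed to the encryption-info lookup and to the policy check
    //   realm                - used to look up the IDP SSO descriptor when name identifiers are encrypted
    // Reads `session` and assigns `assertions`, neither of which is declared in this method
    // (presumably instance fields of the enclosing class).
    // Throws SAML2Exception on any failure.
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering:Init");
    }
    DiscoEntryElement discoEntry = DiscoServiceManager.getBootstrappingDiscoEntry();
    if (discoEntry == null) {
        // Fix: the original reported "missingUnivID" here and "missingDiscoOffering" for the
        // missing universal identifier below; the two bundle keys were swapped, which pointed
        // anyone diagnosing a failed bootstrap at the wrong cause.
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingDiscoOffering"));
    }
    String[] values = null;
    try {
        values = SessionManager.getProvider().getProperty(session, Constants.UNIVERSAL_IDENTIFIER);
    } catch (SessionException se) {
        throw new SAML2Exception(se);
    }
    if ((values == null) || (values.length == 0)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingUnivID"));
    }
    String univID = values[0];
    try {
        // NOTE(review): the offering is taken from the bootstrap entry and modified in place
        // with a per-user resource ID. If getBootstrappingDiscoEntry() hands out a shared or
        // cached instance, concurrent requests could observe each other's resource ID -
        // confirm it returns a fresh copy per call.
        ResourceOfferingType offering = discoEntry.getResourceOffering();
        ServiceInstanceType serviceInstance = offering.getServiceInstance();
        String providerID = serviceInstance.getProviderID();
        String resourceIDValue;
        if (DiscoServiceManager.useImpliedResource()) {
            resourceIDValue = DiscoConstants.IMPLIED_RESOURCE;
        } else {
            ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
            if (idMapper == null) {
                idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
            }
            resourceIDValue = idMapper.getResourceID(providerID, univID);
            // The resource ID is derived from the user's universal identifier; it is written
            // only when message-level debugging is on, so treat those logs as sensitive.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering: " + "ResourceID Value:" + resourceIDValue);
            }
        }
        ResourceIDType resourceID = new ObjectFactory().createResourceIDType();
        resourceID.setValue(resourceIDValue);
        offering.setResourceID(resourceID);
        List discoEntryList = new ArrayList();
        discoEntryList.add(discoEntry);
        SessionSubject sessionSubject = null;
        if (DiscoServiceManager.encryptNIinSessionContext()) {
            // There is no fallback to the unencrypted form: any failure while obtaining the
            // encryption info or encrypting lands in the catch below and aborts the bootstrap.
            IDPSSODescriptorElement idpSSODesc = SAML2Utils.getSAML2MetaManager().getIDPSSODescriptor(realm, providerID);
            EncInfo encInfo = KeyUtil.getEncInfo(idpSSODesc, wscID, SAML2Constants.IDP_ROLE);
            NameIdentifier ni = EncryptedNameIdentifier.getEncryptedNameIdentifier(convertSPNameID(subject.getNameID()), providerID, encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength());
            sessionSubject = new SessionSubject(ni, convertSC(subject.getSubjectConfirmation()), convertIDPNameID(subject.getNameID()));
        } else {
            sessionSubject = new SessionSubject(convertSPNameID(subject.getNameID()), convertSC(subject.getSubjectConfirmation()), convertIDPNameID(subject.getNameID()));
        }
        AuthnContext authnContext = new AuthnContext(authnContextClassRef, null);
        authnContext.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
        SessionContext invocatorSession = new SessionContext(sessionSubject, authnContext, providerID);
        Map map = DiscoUtils.checkPolicyAndHandleDirectives(univID, null, discoEntryList, null, invocatorSession, wscID, session);
        List offerings = (List) map.get(DiscoUtils.OFFERINGS);
        // A missing OFFERINGS entry is treated like an empty one, so the caller gets the
        // "missingDiscoOffering" message instead of a wrapped NullPointerException.
        if (offerings == null || offerings.isEmpty()) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering:" + "no ResourceOffering");
            }
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingDiscoOffering"));
        }
        ResourceOffering resourceOffering = (ResourceOffering) offerings.get(0);
        // Credentials produced by the policy/directive handling are kept for later use.
        assertions = (List) map.get(DiscoUtils.CREDENTIALS);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering: " + "Resource Offering:" + resourceOffering);
        }
        return resourceOffering.toString();
    } catch (Exception ex) {
        // Catch-all: this also re-wraps the SAML2Exception thrown above for an empty offering
        // list, so that case is logged here at error level with its stack trace.
        SAML2Utils.debug.error("DiscoveryBootstrap.getResourceOffering:" + "Exception while creating resource offering.", ex);
        throw new SAML2Exception(ex);
    }
}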
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) SessionSubject(com.sun.identity.liberty.ws.security.SessionSubject) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier) EncryptedNameIdentifier(com.sun.identity.federation.message.common.EncryptedNameIdentifier) ResourceOfferingType(com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) DiscoEntryElement(com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) AuthnContext(com.sun.identity.federation.message.common.AuthnContext) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) EncInfo(com.sun.identity.saml2.key.EncInfo) ServiceInstanceType(com.sun.identity.liberty.ws.disco.jaxb.ServiceInstanceType) ResourceIDMapper(com.sun.identity.liberty.ws.interfaces.ResourceIDMapper) ObjectFactory(com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory) SessionContext(com.sun.identity.liberty.ws.security.SessionContext) ArrayList(java.util.ArrayList) List(java.util.List) ResourceIDType(com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType) Map(java.util.Map) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 8 with ResourceOffering

use of com.sun.identity.liberty.ws.disco.ResourceOffering in project OpenAM by OpenRock.

the class LibertyManagerImpl method getDiscoveryResourceOffering.

/**
     * Returns the discovery service bootstrap resource offering. 
     * @param tokenID Single Sign On Token ID.
     * @param hostProviderID Hosted <code>ProviderID</code>.
     * @return <code>String</code> Discovery Service Resource Offering.
     * @exception RemoteException if any failure.
     */
public String getDiscoveryResourceOffering(String tokenID, String hostProviderID) throws RemoteException {
    try {
        // Resolve the caller-supplied token ID to a session object first; a SessionException
        // from this lookup is reported to the caller as the "invalidSSOToken" message.
        Object ssoToken = SessionManager.getProvider().getSession(tokenID);
        // The federation session is looked up under the hosted SP's meta alias in the root realm.
        String metaAlias = IDFFMetaUtils.getMetaAlias(IFSConstants.ROOT_REALM, hostProviderID, IFSConstants.SP, null);
        FSSession fsSession = FSSessionManager.getInstance(metaAlias).getSession(ssoToken);
        if (fsSession == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscovery:" + "ResourceOffering: no FSSession found");
            }
            return null;
        }
        NodeList offeringNodes = fsSession.getBootStrapResourceOfferings();
        boolean noOfferings = (offeringNodes == null) || (offeringNodes.getLength() == 0);
        if (noOfferings) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscovery:" + "ResourceOffering: bootstrap resource offering is null");
            }
            return null;
        }
        // Only the first bootstrap offering is returned, serialized with toString().
        return new ResourceOffering((Element) offeringNodes.item(0)).toString();
    } catch (SessionException se) {
        // The caller receives only the localized message, not the underlying exception.
        // The exception itself is logged only when message-level debugging is enabled, so
        // rejected token IDs leave no trace in the debug log otherwise.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerImpl.getDiscoveryResource" + "Offering: SessionException", se);
        }
        throw new RemoteException(FSUtils.bundle.getString("invalidSSOToken"));
    } catch (DiscoveryException de) {
        // Parsing failures are always logged at error level; the caller again sees only
        // the bundle message.
        FSUtils.debug.error("LibertyManagerImpl.getDiscoveryResource" + "Offering: Resource Offering parsing error", de);
        throw new RemoteException(FSUtils.bundle.getString("invalidResourceOffering"));
    }
}
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) NodeList(org.w3c.dom.NodeList) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) RemoteException(java.rmi.RemoteException) DiscoveryException(com.sun.identity.liberty.ws.disco.DiscoveryException)

Aggregations

ResourceOffering (com.sun.identity.liberty.ws.disco.ResourceOffering)8 ArrayList (java.util.ArrayList)5 List (java.util.List)5 Map (java.util.Map)4 DiscoveryException (com.sun.identity.liberty.ws.disco.DiscoveryException)3 DiscoEntryElement (com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement)3 ResourceIDMapper (com.sun.identity.liberty.ws.interfaces.ResourceIDMapper)3 SessionException (com.sun.identity.plugin.session.SessionException)3 FSException (com.sun.identity.federation.common.FSException)2 ObjectFactory (com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory)2 ResourceIDType (com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType)2 ResourceOfferingType (com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType)2 ServiceInstanceType (com.sun.identity.liberty.ws.disco.jaxb.ServiceInstanceType)2 SecurityAssertion (com.sun.identity.liberty.ws.security.SecurityAssertion)2 SessionProvider (com.sun.identity.plugin.session.SessionProvider)2 Iterator (java.util.Iterator)2 SOAPException (javax.xml.soap.SOAPException)2 Document (org.w3c.dom.Document)2 NodeList (org.w3c.dom.NodeList)2 AuthnContext (com.sun.identity.federation.message.common.AuthnContext)1