
Example 6 with SPDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType in project OpenAM (OpenRock).

Class FSAssertionConsumerService, method doPost().

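/**
 * Handles the ID-FF browser POST profile at this service provider's
 * assertion consumer endpoint.
 * <p>
 * The Base64-encoded AuthnResponse is read from the
 * {@code IFSConstants.POST_AUTHN_RESPONSE_PARAM} form field, decoded and
 * parsed, bound to the outstanding AuthnRequest named by its
 * {@code InResponseTo} attribute, checked for the identity provider's
 * signature where the signing configuration requires it, and then handed to
 * an {@code FSAssertionArtifactHandler} for single sign-on processing.
 * Every validation failure is logged (debug and audit log) and the browser
 * is forwarded to the framed login page.
 *
 * @param request  <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException if {@code response} is null (there is no client
 *            to report the error to) or forwarding to the login page fails
 * @exception IOException if forwarding to the login page fails
 */
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
    if (response == null) {
        // The old code fell through to response.sendError() here and threw an
        // NPE; with no response there is nobody to answer, so fail loudly.
        throw new ServletException(FSUtils.bundle.getString("nullInputParameter"));
    }
    if (request == null) {
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    String metaAlias = FSServiceUtils.getMetaAlias(request);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Login page without RelayState, used until the originating request is known.
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, request, baseURL);
    String hostEntityId = null;
    SPDescriptorType hostDesc = null;
    BaseConfigType hostConfig = null;
    try {
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    // obtain AuthnResponse message
    String encodedAuthnResponse = request.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
    }
    if (encodedAuthnResponse == null) {
        rejectAuthnResponse(request, response, "missingAuthnResponse", LogUtil.MISSING_AUTHN_RESPONSE, null, framedPageURL);
        return;
    }
    // Presumably restores line breaks that were turned into spaces in transit
    // -- TODO confirm against the project's Base64.decode.
    encodedAuthnResponse = encodedAuthnResponse.replace(' ', '\n');
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
    }
    Document doc = null;
    FSAuthnResponse authnResponse = null;
    try {
        // Decode as UTF-8 explicitly: new String(byte[]) uses the JVM's platform
        // charset and could corrupt non-ASCII content in the assertion.
        String decodedAuthnResponse = new String(Base64.decode(encodedAuthnResponse), "UTF-8");
        if (FSUtils.debug.messageEnabled()) {
            // Debug level only: the decoded response carries the assertion and
            // any identity attributes it contains.
            FSUtils.debug.message("Decoded authnResponse" + decodedAuthnResponse);
        }
        // NOTE(review): this is untrusted XML; XMLUtils.toDOMDocument is assumed
        // to parse with DTDs/external entities disabled -- confirm.
        doc = XMLUtils.toDOMDocument(decodedAuthnResponse, FSUtils.debug);
        if (doc == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost:Error " + "while parsing input xml string");
            }
            throw new FSMsgException("parseError", null);
        }
        // A constructor never yields null, so the old post-construction null
        // check was dead code and has been dropped.
        authnResponse = new FSAuthnResponse(doc.getDocumentElement());
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occured while parsing Base64 encoded AuthnResponse: ", e);
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, null, framedPageURL);
        return;
    } catch (SAMLException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. SAMLException" + " occurred while parsing Base64 encoded AuthnResponse: ", e);
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, null, framedPageURL);
        return;
    }
    try {
        if (FSUtils.debug.messageEnabled()) {
            // "valid" here only means well-formed; InResponseTo and signature
            // have not been checked yet.
            FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is valid: " + authnResponse.toXMLString());
        }
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occurred while calling AuthnResponse.toXMLString(): ", e);
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, null, framedPageURL);
        return;
    }
    // Bind the response to an outstanding request before trusting anything else in it.
    String requestID = authnResponse.getInResponseTo();
    if (requestID == null) {
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, "Invalid AuthnResponse. AuthnResponse received does not have inResponseTo attribute", framedPageURL);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is against requestID: " + requestID);
    }
    FSAuthnRequest authnRequest = getInResponseToRequest(requestID, metaAlias);
    if (authnRequest == null) {
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, "Invalid AuthnResponse. AuthnResponse received does not have an associated AuthnRequest", framedPageURL);
        return;
    }
    // From here on the login page can carry the RelayState of the original request.
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, authnRequest.getRelayState(), null, request, baseURL);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "inResponseTo validation is successful");
    }
    try {
        String idpEntityId;
        IDPDescriptorType idpDescriptor;
        if (!authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP)) {
            // The IdP is the one the stored request was sent to, not whatever
            // ProviderID the response claims, so a sender cannot pick its own identity.
            idpEntityId = getProvider(requestID, metaAlias);
            idpDescriptor = (idpEntityId == null) ? null : metaManager.getIDPDescriptor(realm, idpEntityId);
            if (idpEntityId == null || idpDescriptor == null) {
                rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, "Invalid AuthnResponse. Sender information not found for the received AuthnResponse", framedLoginPageURL);
                return;
            }
            // Verified on the DOM exactly as received, against the resolved IdP's
            // metadata. POST-profile responses are verified when signing is on or
            // optional; other profiles only when signing is on.
            boolean signatureRequired = FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST));
            if (signatureRequired && !verifyAuthnResponseSignature(doc, idpDescriptor, idpEntityId)) {
                // Now audit-logged as well; the old code only wrote a debug line.
                rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, "Signature verification failed", framedLoginPageURL);
                return;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "LECP Profile identified. IDP info is unknown so far" + "Get providerId from the response");
            }
            // LECP: the IdP is only known from the response itself and, unlike the
            // branch above, no signature is verified here. NOTE(review): confirm
            // the handler authenticates the response before acting on it.
            idpEntityId = authnResponse.getProviderId();
            idpDescriptor = (idpEntityId == null) ? null : metaManager.getIDPDescriptor(realm, idpEntityId);
            if (idpEntityId == null || idpDescriptor == null) {
                rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, "Invalid AuthnResponse. Sender information not found for the received AuthnResponse", framedLoginPageURL);
                return;
            }
        }
        // handle sso
        FSServiceManager sm = FSServiceManager.getInstance();
        FSAssertionArtifactHandler handler = sm.getAssertionArtifactHandler(request, response, authnRequest, authnResponse, idpDescriptor, idpEntityId);
        if (handler == null) {
            rejectAuthnResponse(request, response, "requestProcessingFailed", LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, "could not create AssertionArtifactHandler", framedLoginPageURL);
            return;
        }
        handler.setHostEntityId(hostEntityId);
        handler.setHostDescriptor(hostDesc);
        handler.setHostDescriptorConfig(hostConfig);
        handler.setMetaAlias(metaAlias);
        handler.setRealm(realm);
        handler.processAuthnResponse(authnResponse);
    } catch (Exception se) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception: ", se);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedLoginPageURL);
    }
}

/**
 * Rejects an AuthnResponse: writes the optional detail and the bundle message
 * to the debug log, records the failure in the audit log under {@code logId}
 * and forwards the browser to {@code forwardURL}.
 *
 * @param request    current request
 * @param response   current response
 * @param bundleKey  key of the message in {@code FSUtils.bundle}
 * @param logId      {@code LogUtil} message id for the audit record
 * @param detail     extra diagnostic text for the debug log, or null
 * @param forwardURL page to forward the browser to
 * @exception ServletException if forwarding fails
 * @exception IOException if forwarding fails
 */
private void rejectAuthnResponse(HttpServletRequest request, HttpServletResponse response, String bundleKey, String logId, String detail, String forwardURL) throws ServletException, IOException {
    if (detail != null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + detail);
    }
    String message = FSUtils.bundle.getString(bundleKey);
    String[] data = { message };
    LogUtil.error(Level.INFO, logId, data);
    FSUtils.debug.error("FSAssertionConsumerService.doPost: " + message + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
    FSUtils.forwardRequest(request, response, forwardURL);
}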

Example 7 with SPDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType in project OpenAM (OpenRock).

Class IDFFMetaSecurityUtils, method updateProviderKeyInfo().

/**
 * Sets or clears the signing or encryption key of a hosted provider.
 * <p>
 * Two stores are kept in step: the key descriptor in the standard metadata
 * (the certificate, plus algorithm and key size for encryption keys) and the
 * signing/encryption certificate alias in the extended metadata. A null or
 * empty {@code certAlias} removes both.
 *
 * @param realm     realm the entity resides in
 * @param entityID  ID of the entity to update
 * @param certAlias keystore alias of the certificate to set; null or empty
 *                  removes the existing key information
 * @param isSigning true to update the signing key, false for the encryption key
 * @param isIDP     true to update the entity's IDP role, false for its SP role
 * @param encAlgo   encryption algorithm URI (encryption keys only)
 * @param keySize   encryption key size (encryption keys only)
 * @throws IDFFMetaException if the entity is not hosted, does not have the
 *         requested role, or the metadata cannot be updated
 */
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws IDFFMetaException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    if (!config.isHosted()) {
        String[] args = { entityID, realm };
        throw new IDFFMetaException("entityNotHosted", args);
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    // Extended-metadata attribute that holds the alias for this key type.
    String aliasAttribute = isSigning ? IFSConstants.SIGNING_CERT_ALIAS : IFSConstants.ENCRYPTION_CERT_ALIAS;
    boolean clearing = (certAlias == null) || (certAlias.length() == 0);
    if (isIDP) {
        IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(config);
        IDPDescriptorType idpDesp = IDFFMetaUtils.getIDPDescriptor(desp);
        if ((idpConfig == null) || (idpDesp == null)) {
            String[] args = { entityID, realm };
            throw new IDFFMetaException("entityNotIDP", args);
        }
        if (clearing) {
            removeKeyDescriptor(idpDesp, isSigning);
            setExtendedAttributeValue(idpConfig, aliasAttribute, null);
        } else {
            KeyDescriptorElement descriptor = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
            updateKeyDescriptor(idpDesp, descriptor);
            setExtendedAttributeValue(idpConfig, aliasAttribute, aliasAsSet(certAlias));
        }
    } else {
        SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(config);
        SPDescriptorType spDesp = IDFFMetaUtils.getSPDescriptor(desp);
        if ((spConfig == null) || (spDesp == null)) {
            String[] args = { entityID, realm };
            throw new IDFFMetaException("entityNotSP", args);
        }
        if (clearing) {
            removeKeyDescriptor(spDesp, isSigning);
            setExtendedAttributeValue(spConfig, aliasAttribute, null);
        } else {
            KeyDescriptorElement descriptor = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
            updateKeyDescriptor(spDesp, descriptor);
            setExtendedAttributeValue(spConfig, aliasAttribute, aliasAsSet(certAlias));
        }
    }
    // Standard metadata is persisted before the extended configuration.
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}

/**
 * Wraps a certificate alias in the single-valued set the extended metadata stores.
 *
 * @param certAlias alias to wrap
 * @return a new mutable set holding only {@code certAlias}
 */
private static Set aliasAsSet(String certAlias) {
    Set value = new HashSet();
    value.add(certAlias);
    return value;
}

Example 8 with SPDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType in project OpenAM (OpenRock).

Class IDFFModelImpl, method getEntitySPDescriptor().

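/**
 * Returns the standard-metadata attributes of an SP entity, keyed by the
 * console's ATTR_* names, each mapped to a {@code Set} of values (empty when
 * the descriptor has no value).
 * <p>
 * For the multi-valued protocol-profile lists and the assertion consumer
 * service list only the first entry is reported; an empty list yields an
 * empty set instead of the IndexOutOfBoundsException the old code threw.
 *
 * @param realm      realm where the entity exists
 * @param entityName entity ID of the SP
 * @return map of attribute name to {@code Set} of values
 * @throws AMConsoleException if the metadata cannot be read or the entity has
 *         no SP descriptor
 */
public Map getEntitySPDescriptor(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "SP-Standard Metadata" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map map = new HashMap();
    try {
        IDFFMetaManager manager = getIDFFMetaManager();
        SPDescriptorType pDesc = manager.getSPDescriptor(realm, entityName);
        if (pDesc == null) {
            // Route "no SP role" through the existing catch so it is audit-logged
            // and surfaced as AMConsoleException rather than an NPE.
            String[] args = { entityName, realm };
            throw new IDFFMetaException("entityNotSP", args);
        }
        // common attributes
        map.put(ATTR_PROTOCOL_SUPPORT_ENUMERATION, convertListToSet(pDesc.getProtocolSupportEnumeration()));
        //communication URLs
        map.put(ATTR_SOAP_END_POINT, returnEmptySetIfValueIsNull(pDesc.getSoapEndpoint()));
        map.put(ATTR_SINGLE_LOGOUT_SERVICE_URL, returnEmptySetIfValueIsNull(pDesc.getSingleLogoutServiceURL()));
        map.put(ATTR_SINGLE_LOGOUT_SERVICE_RETURN_URL, returnEmptySetIfValueIsNull(pDesc.getSingleLogoutServiceReturnURL()));
        map.put(ATTR_FEDERATION_TERMINATION_SERVICES_URL, returnEmptySetIfValueIsNull(pDesc.getFederationTerminationServiceURL()));
        map.put(ATTR_FEDERATION_TERMINATION_SERVICE_RETURN_URL, returnEmptySetIfValueIsNull(pDesc.getFederationTerminationServiceReturnURL()));
        map.put(ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_URL, returnEmptySetIfValueIsNull(pDesc.getRegisterNameIdentifierServiceURL()));
        map.put(ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_RETURN_URL, returnEmptySetIfValueIsNull(pDesc.getRegisterNameIdentifierServiceReturnURL()));
        // communication profiles: the first list entry is the configured one
        map.put(ATTR_FEDERATION_TERMINATION_NOTIFICATION_PROTOCOL_PROFILE, returnEmptySetIfValueIsNull((String) firstElementOrNull(pDesc.getFederationTerminationNotificationProtocolProfile())));
        map.put(ATTR_SINGLE_LOGOUT_PROTOCOL_PROFILE, returnEmptySetIfValueIsNull((String) firstElementOrNull(pDesc.getSingleLogoutProtocolProfile())));
        map.put(ATTR_REGISTRATION_NAME_IDENTIFIER_PROFILE_PROFILE, returnEmptySetIfValueIsNull((String) firstElementOrNull(pDesc.getRegisterNameIdentifierProtocolProfile())));
        // only for Service Provider
        com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType = (com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType) firstElementOrNull((List) pDesc.getAssertionConsumerServiceURL());
        if (assertionType != null) {
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URIID, returnEmptySetIfValueIsNull(assertionType.getId()));
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL, returnEmptySetIfValueIsNull(assertionType.getValue()));
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT, returnEmptySetIfValueIsNull(assertionType.isIsDefault()));
        } else {
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URIID, Collections.EMPTY_SET);
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL, Collections.EMPTY_SET);
            map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT, Collections.EMPTY_SET);
        }
        // Security-relevant flag: advertises whether this SP signs its AuthnRequests.
        map.put(ATTR_AUTHN_REQUESTS_SIGNED, returnEmptySetIfValueIsNull(pDesc.isAuthnRequestsSigned()));
        // encryption key size and algorithm (read from the encryption key descriptor)
        EncInfo encinfo = KeyUtil.getEncInfo((ProviderDescriptorType) pDesc, entityName, //isIDP
        false);
        if (encinfo == null) {
            map.put(ATTR_ENCRYPTION_KEY_SIZE, Collections.EMPTY_SET);
            map.put(ATTR_ENCRYPTION_ALGORITHM, Collections.EMPTY_SET);
        } else {
            int size = encinfo.getDataEncStrength();
            String alg = encinfo.getDataEncAlgorithm();
            map.put(ATTR_ENCRYPTION_KEY_SIZE, returnEmptySetIfValueIsNull(Integer.toString(size)));
            map.put(ATTR_ENCRYPTION_ALGORITHM, returnEmptySetIfValueIsNull(alg));
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (IDFFMetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return map;
}

/**
 * Returns the first element of {@code list}, or null when the list is null
 * or empty (where {@code list.get(0)} would throw).
 *
 * @param list list to read, may be null
 * @return first element or null
 */
private static Object firstElementOrNull(List list) {
    return (list == null || list.isEmpty()) ? null : list.get(0);
}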

Example 9 with SPDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType in project OpenAM (OpenRock).

Class IDFFModelImpl, method updateEntitySPDescriptor().

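/**
 * Persists edits to the standard (Liberty ID-FF) metadata of an SP entity.
 * <p>
 * For a hosted entity the encryption and signing certificate aliases from
 * {@code extendedValues} are written first through
 * {@code IDFFMetaSecurityUtils.updateProviderKeyInfo}, which also refreshes
 * the key descriptors in the standard metadata. The SP descriptor is then
 * re-read and its endpoints, protocol profiles, assertion consumer service
 * entry and AuthnRequestsSigned flag are replaced from {@code attrValues},
 * and the whole entity descriptor is saved.
 *
 * @param realm          realm the entity lives in
 * @param entityName     entity ID of the SP
 * @param attrValues     standard-metadata attribute name to {@code Set} of values
 * @param extendedValues extended-metadata attribute name to {@code Set} of
 *                       values; only the certificate aliases are read, and
 *                       only when {@code ishosted}
 * @param ishosted       true for a hosted SP, false for a remote one
 * @throws AMConsoleException if the metadata cannot be read or written, or
 *         the encryption key size is not an integer
 */
public void updateEntitySPDescriptor(String realm, String entityName, Map attrValues, Map extendedValues, boolean ishosted) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "SP-Standard Metadata" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        //save key and encryption details if present for hosted
        if (ishosted) {
            String keysize = getValueByKey(attrValues, ATTR_ENCRYPTION_KEY_SIZE);
            String algorithm = getValueByKey(attrValues, ATTR_ENCRYPTION_ALGORITHM);
            String e_certAlias = getValueByKey(extendedValues, ATTR_ENCRYPTION_CERT_ALIAS);
            String s_certAlias = getValueByKey(extendedValues, ATTR_SIGNING_CERT_ALIAS);
            int keysi = parseEncryptionKeySize(keysize);
            // Default data-encryption algorithm when the form leaves it blank.
            String alg = (algorithm == null || algorithm.length() == 0) ? "http://www.w3.org/2001/04/xmlenc#aes128-cbc" : algorithm;
            IDFFMetaSecurityUtils.updateProviderKeyInfo(realm, entityName, e_certAlias, false, false, alg, keysi);
            IDFFMetaSecurityUtils.updateProviderKeyInfo(realm, entityName, s_certAlias, true, false, alg, keysi);
        }
        IDFFMetaManager idffManager = getIDFFMetaManager();
        EntityDescriptorElement entityDescriptor = idffManager.getEntityDescriptor(realm, entityName);
        SPDescriptorType pDesc = idffManager.getSPDescriptor(realm, entityName);
        //Protocol Support Enumeration
        pDesc.getProtocolSupportEnumeration().clear();
        pDesc.getProtocolSupportEnumeration().add(singleValue(attrValues, ATTR_PROTOCOL_SUPPORT_ENUMERATION));
        //communication URLs
        pDesc.setSoapEndpoint(singleValue(attrValues, ATTR_SOAP_END_POINT));
        pDesc.setSingleLogoutServiceURL(singleValue(attrValues, ATTR_SINGLE_LOGOUT_SERVICE_URL));
        pDesc.setSingleLogoutServiceReturnURL(singleValue(attrValues, ATTR_SINGLE_LOGOUT_SERVICE_RETURN_URL));
        pDesc.setFederationTerminationServiceURL(singleValue(attrValues, ATTR_FEDERATION_TERMINATION_SERVICES_URL));
        pDesc.setFederationTerminationServiceReturnURL(singleValue(attrValues, ATTR_FEDERATION_TERMINATION_SERVICE_RETURN_URL));
        pDesc.setRegisterNameIdentifierServiceURL(singleValue(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_URL));
        pDesc.setRegisterNameIdentifierServiceReturnURL(singleValue(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_RETURN_URL));
        // communication profiles: the selected profile is stored first, since the
        // console reads back element 0 as the configured value.
        setPreferredProfile(pDesc.getFederationTerminationNotificationProtocolProfile(), singleValue(attrValues, ATTR_FEDERATION_TERMINATION_NOTIFICATION_PROTOCOL_PROFILE), federationTerminationProfileList);
        setPreferredProfile(pDesc.getSingleLogoutProtocolProfile(), singleValue(attrValues, ATTR_SINGLE_LOGOUT_PROTOCOL_PROFILE), singleLogoutProfileList);
        setPreferredProfile(pDesc.getRegisterNameIdentifierProtocolProfile(), singleValue(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_PROFILE_PROFILE), nameRegistrationProfileList);
        // only for sp
        String id = singleValue(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URIID);
        String value = singleValue(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URL);
        String isDefault = singleValue(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT);
        String authnRequestsSigned = singleValue(attrValues, ATTR_AUTHN_REQUESTS_SIGNED);
        com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory objFactory = new com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory();
        com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType = objFactory.createSPDescriptorTypeAssertionConsumerServiceURLType();
        assertionType.setId(id);
        assertionType.setValue(value);
        // "true".equals(x) treats a missing flag as false instead of throwing NPE.
        assertionType.setIsDefault("true".equals(isDefault));
        pDesc.getAssertionConsumerServiceURL().clear();
        pDesc.getAssertionConsumerServiceURL().add(assertionType);
        // Security-relevant flag: advertises whether this SP signs its AuthnRequests.
        pDesc.setAuthnRequestsSigned("true".equals(authnRequestsSigned));
        entityDescriptor.getSPDescriptor().clear();
        entityDescriptor.getSPDescriptor().add(pDesc);
        idffManager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (IDFFMetaException e) {
        debug.error("IDFFMetaException, updateEntitySPDescriptor", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.error("JAXBException, updateEntitySPDescriptor", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}

/**
 * Parses the encryption key size entered in the console; blank means the
 * 128-bit default.
 *
 * @param keysize form value, may be null or empty
 * @return the key size in bits
 * @throws AMConsoleException if the value is not an integer (previously an
 *         unchecked NumberFormatException escaped the caller)
 */
private static int parseEncryptionKeySize(String keysize) throws AMConsoleException {
    if (keysize == null || keysize.length() == 0) {
        return 128;
    }
    try {
        return Integer.parseInt(keysize);
    } catch (NumberFormatException e) {
        throw new AMConsoleException("Invalid encryption key size: " + keysize);
    }
}

/**
 * Returns the single value of a console attribute.
 *
 * @param attrValues attribute name to {@code Set} of values
 * @param key        attribute name
 * @return the value as a String, or whatever {@code AMAdminUtils.getValue}
 *         returns for a missing/empty set
 */
private static String singleValue(Map attrValues, String key) {
    return (String) AMAdminUtils.getValue((Set) attrValues.get(key));
}

/**
 * Rebuilds {@code target} so that {@code selected} comes first, followed by
 * every other entry of {@code knownProfiles}.
 *
 * @param target        the descriptor's profile list to overwrite
 * @param selected      the profile chosen in the console
 * @param knownProfiles all profiles this console knows for the list
 */
private static void setPreferredProfile(java.util.Collection target, String selected, java.util.Collection knownProfiles) {
    target.clear();
    target.add(selected);
    for (Object profile : knownProfiles) {
        if (!profile.equals(selected)) {
            target.add(profile);
        }
    }
}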

Example 10 with SPDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType in project OpenAM (OpenRock).

Class FSAssertionArtifactHandler, method sendProxyResponse().

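/**
     * Sends the proxy authentication response to the proxying service
     * provider which has originally requested for the authentication.
     * <p>
     * The original AuthnRequest and the proxying SP's descriptor are looked
     * up in the {@link FSSessionManager} for the hosted meta alias using
     * {@code requestID}; the local session is looked up by {@code ssoToken}.
     * If the original request or the local session cannot be found, an
     * error is logged and no response is sent (previously this surfaced as a
     * {@code NullPointerException}). Failure to resolve the proxy SP config
     * or the local IDP metadata is logged but does not abort: the handler is
     * still invoked with {@code null} metadata, as before
     * (NOTE(review): confirm FSProxyHandler tolerates null descriptors/config).
     * @param requestID authnRequest id that is sent to the authenticating
     *  Identity Provider.
     */
protected void sendProxyResponse(String requestID) {
    FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse::");
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    FSAuthnRequest origRequest = sessionManager.getProxySPAuthnRequest(requestID);
    if (origRequest == null) {
        // Without the original request there is no provider id or relay state
        // to answer to; fail explicitly rather than NPE on getProviderId().
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "no original proxy SP AuthnRequest found for request id " + requestID);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        try {
            FSUtils.debug.message("FSAssertionHandler.sendProxyResponse:" + origRequest.toXMLString());
        } catch (Exception ex) {
            FSUtils.debug.error("FSAssertionHandler.sendProxyResponse:" + "toString(): Failed.", ex);
        }
    }
    SPDescriptorType proxyDescriptor = sessionManager.getProxySPDescriptor(requestID);
    // The provider id comes from the stored original request, not from any
    // parameter of the current HTTP request.
    String proxySPEntityId = origRequest.getProviderId();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse" + ":Original requesting service provider id:" + proxySPEntityId);
    }
    FSSession session = sessionManager.getSession(ssoToken);
    if (session == null) {
        // No local session to attach the partner to; previously NPE'd below.
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "no local session found for the SSO token, proxy response not sent");
        return;
    }
    // Record the authentication context class reference the IDP asserted,
    // when an AuthnContext statement was received.
    if (authnContextStmt != null) {
        session.setAuthnContext(authnContextStmt.getAuthnContextClassRef());
    }
    // The proxying SP becomes a session partner of the local session.
    session.addSessionPartner(new FSSessionPartner(proxySPEntityId, false));
    if (FSUtils.debug.messageEnabled()) {
        Iterator partners = session.getSessionPartners().iterator();
        while (partners.hasNext()) {
            FSSessionPartner part = (FSSessionPartner) partners.next();
            FSUtils.debug.message("PARTNERS" + part.getPartner());
        }
    }
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType proxySPConfig = null;
    try {
        proxySPConfig = metaManager.getSPDescriptorConfig(realm, proxySPEntityId);
    } catch (Exception e) {
        // Best-effort, as in the original: the handler is still invoked with
        // a null config (see class Javadoc note above).
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "Couldn't obtain proxy sp meta:", e);
    }
    FSProxyHandler handler = new FSProxyHandler(request, response, origRequest, proxyDescriptor, proxySPConfig, proxySPEntityId, origRequest.getRelayState(), ssoToken);
    IDPDescriptorType localIDPDesc = null;
    BaseConfigType localIDPConfig = null;
    String localIDPMetaAlias = null;
    try {
        localIDPDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        localIDPConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        localIDPMetaAlias = localIDPConfig.getMetaAlias();
    } catch (Exception e) {
        // Best-effort as well; any of the three locals may remain null.
        FSUtils.debug.error("FSAssertionartifactHandler.sendProxyResponse:" + "Exception when obtaining local idp meta:", e);
    }
    handler.setRealm(realm);
    handler.setHostedEntityId(hostEntityId);
    handler.setHostedDescriptor(localIDPDesc);
    handler.setHostedDescriptorConfig(localIDPConfig);
    handler.setMetaAlias(localIDPMetaAlias);
    // The boolean flag's meaning is not visible here; it is passed through
    // unchanged from the original call.
    handler.processAuthnRequest(origRequest, true);
}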
