Example 1 with SecurityAssertion
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class LibertyManagerImpl method getDiscoveryServiceCredential.
/**
* Returns the discovery service credential.
* @param tokenID Single Sign On Token ID.
* @param hostProviderID Hosted <code>ProviderID</code>.
* @return <code>String</code> Credential to access the discovery service.
* <code>null</code> if the credential does not present.
* @exception RemoteException if any failure.
*/
public String getDiscoveryServiceCredential(String tokenID, String hostProviderID) throws RemoteException {
try {
Object token = SessionManager.getProvider().getSession(tokenID);
FSSession session = FSSessionManager.getInstance(IDFFMetaUtils.getMetaAlias(IFSConstants.ROOT_REALM, hostProviderID, IFSConstants.SP, null)).getSession(token);
if (session == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential:" + "ResourceOffering: no FSSession found");
}
return null;
}
List creds = session.getBootStrapCredential();
if (creds == null || creds.size() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerImpl.getDiscovery:" + "ServiceCredential: bootstrap credential is null");
}
return null;
}
return ((SecurityAssertion) creds.get(0)).toString();
} catch (SessionException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LibertyManagerImpl.getDiscoveryService" + "Credential: SessionException", se);
}
throw new RemoteException(FSUtils.bundle.getString("invalidSSOToken"));
}
}
Also used :
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
NodeList(org.w3c.dom.NodeList)
List(java.util.List)
SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion)
RemoteException(java.rmi.RemoteException)
Example 2 with SecurityAssertion
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class FSAssertion method parseAdvice.
/**
* Parses the advice element to extract the Security <code>Assertion</code>.
*
* @param element the <code>Advice</code> Element.
*/
public void parseAdvice(Element element) {
NodeList nl = element.getChildNodes();
int length = nl.getLength();
for (int n = 0; n < length; n++) {
Node child = (Node) nl.item(n);
if (child.getNodeType() != Node.ELEMENT_NODE) {
continue;
}
String childName = child.getLocalName();
if (childName.equals("Assertion")) {
try {
if (securityAssertions == null) {
securityAssertions = new ArrayList();
}
securityAssertions.add(new SecurityAssertion((Element) child));
} catch (Exception ex) {
FSUtils.debug.error("FSAssertion.parseAdvice: Error in" + "parsing security assertion", ex);
}
}
}
if ((securityAssertions != null) && (!securityAssertions.isEmpty())) {
_advice = new Advice(null, securityAssertions, null);
}
}
Also used :
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
Advice(com.sun.identity.saml.assertion.Advice)
SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
ParseException(java.text.ParseException)
SAMLVersionMismatchException(com.sun.identity.saml.common.SAMLVersionMismatchException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
Example 3 with SecurityAssertion
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class SAML2SDKUtils method getDiscoveryBootStrapCredentials.
/**
* Gets the Discovery bootstrap credentials.
* After a single sign-on with an Identity Provider, a service
* provider may get Discovery bootstrap resource offerings and credentials
* through a SAML assertion. This APIs helps in retrieving the credentials
* if the user has been authenticated through the SAML2 SSO. It will
* need to have a valid single sign on token (generated through the
* SAML2 SSO).
*
* @param request <code>HttpServletRequest</code> associated with a user
* session.
* @return <code>List</code> of <code>SecurityAssertions</code>,
* null if there is any failure or if there is not one
*/
public static List getDiscoveryBootStrapCredentials(HttpServletRequest request) {
if (request == null) {
if (debug.messageEnabled()) {
debug.message("SAML2Utils.getDiscoveryBootStrapCredentials: " + " null Input params");
}
return null;
}
try {
SessionProvider sessionProvider = SessionManager.getProvider();
Object session = sessionProvider.getSession(request);
String[] credentials = sessionProvider.getProperty(session, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS);
if ((credentials == null) || (credentials.length == 0)) {
return null;
}
List securityAssertions = new ArrayList();
for (int i = 0; i < credentials.length; i++) {
SecurityAssertion securityAssertion = new SecurityAssertion(XMLUtils.toDOMDocument(credentials[i], debug).getDocumentElement());
securityAssertions.add(securityAssertion);
}
return securityAssertions;
} catch (Exception ex) {
debug.error("SAML2Utils.getDiscoveryBootStrapCredentials: ", ex);
return null;
}
}
Also used :
ArrayList(java.util.ArrayList)
ArrayList(java.util.ArrayList)
List(java.util.List)
SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion)
SOAPException(javax.xml.soap.SOAPException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 4 with SecurityAssertion
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class Default64ResourceIDMapper method getUserID.
/**
* Returns the ID of the user who has the resource ID in a provider.
* @param providerID ID of the provider.
* @param resourceID ID of the resource.
* @param message Request message.
* @return user ID. Return null if the user is not found.
*/
public String getUserID(String providerID, String resourceID, Message message) {
String result = null;
if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
if (debug.messageEnabled()) {
debug.message("Default64ResourceIDMapper.getUserID: used " + "implied resource.");
}
if (message == null) {
debug.error("Default64ResourceIDMapper.getUserID:null message");
return null;
} else {
SecurityAssertion assertion = message.getAssertion();
if (assertion == null) {
debug.error("Default64ResourceIDMapper.getUserID:null " + "assertion");
return null;
}
Subject subject = assertion.getBearerSubject();
if (subject == null) {
debug.error("Default64ResourceIDMapper.getUserID:not " + "Bearer Token");
return null;
}
NameIdentifier ni = subject.getNameIdentifier();
if (ni == null) {
debug.error("Default64ResourceIDMapper.getUserID:no " + "NameIdentifier");
return null;
}
return ni.getName();
}
}
if ((providerID == null) || (providerID.length() == 0)) {
debug.error("Default64ResourceIDMapper.getUserID:null providerID.");
return null;
}
if (!resourceID.startsWith(providerID)) {
debug.error("Default64ResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
return null;
}
String urlDecoded = null;
if (providerID.endsWith("/")) {
urlDecoded = URLEncDec.decode(resourceID.substring(providerID.length()));
} else {
urlDecoded = URLEncDec.decode(resourceID.substring((providerID + "/").length()));
}
try {
result = SAMLUtils.byteArrayToString(Base64.decode(urlDecoded));
} catch (Exception e) {
debug.error("Default64ResourceIDMapper.getUserID:", e);
return null;
}
return result;
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion)
Subject(com.sun.identity.saml.assertion.Subject)
Example 5 with SecurityAssertion
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class DefaultHexResourceIDMapper method getUserID.
/**
* Returns the ID of the user who has the resource ID in a provider.
* @param providerID ID of the provider.
* @param resourceID ID of the resource.
* @param message Request message.
* @return user ID. Return null if the user is not found.
*/
public String getUserID(String providerID, String resourceID, Message message) {
if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
if (debug.messageEnabled()) {
debug.message("DefaultHexResourceIDMapper.getUserID: used " + "implied resource.");
}
if (message == null) {
debug.error("DefaultHexResourceIDMapper.getUserID:null message");
return null;
} else {
SecurityAssertion assertion = message.getAssertion();
if (assertion == null) {
debug.error("DefaultHexResourceIDMapper.getUserID:no " + "assertion");
return null;
}
Subject subject = assertion.getBearerSubject();
if (subject == null) {
debug.error("DefaultHexResourceIDMapper.getUserID:not " + "Bearer Token");
return null;
}
NameIdentifier ni = subject.getNameIdentifier();
if (ni == null) {
debug.error("DefaultHexResourceIDMapper.getUserID:no " + "NameIdentifier");
return null;
}
return ni.getName();
}
}
if ((providerID == null) || (providerID.length() == 0)) {
debug.error("DefaultHexResourceIDMapper.getUserID:null providerID");
return null;
}
if (!resourceID.startsWith(providerID)) {
debug.error("DefaultHexResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
return null;
}
if (providerID.endsWith("/")) {
return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring(providerID.length())));
} else {
return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring((providerID + "/").length())));
}
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion)
Subject(com.sun.identity.saml.assertion.Subject)
Aggregations
SecurityAssertion (com.sun.identity.liberty.ws.security.SecurityAssertion)10
ArrayList (java.util.ArrayList)6
List (java.util.List)5
NodeList (org.w3c.dom.NodeList)4
SAMLException (com.sun.identity.saml.common.SAMLException)3
ResourceOffering (com.sun.identity.liberty.ws.disco.ResourceOffering)2
SessionException (com.sun.identity.plugin.session.SessionException)2
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)2
Subject (com.sun.identity.saml.assertion.Subject)2
SOAPException (javax.xml.soap.SOAPException)2
Document (org.w3c.dom.Document)2
Element (org.w3c.dom.Element)2
Node (org.w3c.dom.Node)2
FSException (com.sun.identity.federation.common.FSException)1
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)1
FSSession (com.sun.identity.federation.services.FSSession)1
BinarySecurityToken (com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken)1
DiscoveryException (com.sun.identity.liberty.ws.disco.DiscoveryException)1
QueryResponse (com.sun.identity.liberty.ws.disco.QueryResponse)1
ObjectFactory (com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory)1
