use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class LibertyManagerImpl method getDiscoveryServiceCredential.
/**
 * Looks up the Discovery Service bootstrap credential stored in the
 * federation session that belongs to the given single sign-on token.
 *
 * <p>The returned string is the credential used to access the discovery
 * service, so callers should treat it as a secret and keep it out of logs.
 *
 * @param tokenID Single Sign On Token ID.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return the first bootstrap credential rendered with
 *         <code>toString()</code>; <code>null</code> when no
 *         <code>FSSession</code> exists or it holds no bootstrap credential.
 * @exception RemoteException if the token ID cannot be resolved to a session.
 */
public String getDiscoveryServiceCredential(String tokenID, String hostProviderID) throws RemoteException {
    try {
        Object ssoToken = SessionManager.getProvider().getSession(tokenID);
        String metaAlias = IDFFMetaUtils.getMetaAlias(IFSConstants.ROOT_REALM, hostProviderID, IFSConstants.SP, null);
        FSSession fedSession = FSSessionManager.getInstance(metaAlias).getSession(ssoToken);

        if (fedSession == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential:" + "ResourceOffering: no FSSession found");
            }
            return null;
        }

        List bootstrapCreds = fedSession.getBootStrapCredential();
        boolean hasCredential = (bootstrapCreds != null) && !bootstrapCreds.isEmpty();
        if (!hasCredential) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscovery:" + "ServiceCredential: bootstrap credential is null");
            }
            return null;
        }

        // Only the first credential is exposed; any further entries are ignored.
        SecurityAssertion first = (SecurityAssertion) bootstrapCreds.get(0);
        return first.toString();
    } catch (SessionException se) {
        // The session failure is recorded locally at message level only; the
        // remote caller receives just the localized "invalidSSOToken" text.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerImpl.getDiscoveryService" + "Credential: SessionException", se);
        }
        throw new RemoteException(FSUtils.bundle.getString("invalidSSOToken"));
    }
}
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class FSAssertion method parseAdvice.
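/**
 * Parses the advice element to extract the Security <code>Assertion</code>s.
 *
 * <p>Every child element whose local name is <code>Assertion</code> is
 * turned into a <code>SecurityAssertion</code> and appended to
 * <code>securityAssertions</code>. When at least one assertion has been
 * collected, <code>_advice</code> is rebuilt from the list.
 *
 * <p>A child that fails to parse is logged and skipped; the remaining
 * children are still processed.
 *
 * @param element the <code>Advice</code> Element.
 */
public void parseAdvice(Element element) {
    NodeList children = element.getChildNodes();
    int length = children.getLength();
    for (int n = 0; n < length; n++) {
        Node child = children.item(n);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        // getLocalName() returns null for nodes created without namespace
        // support, so compare constant-first to avoid a NullPointerException
        // on such input.
        // NOTE(review): the match is on the local name only; the namespace URI
        // is not checked, so an <Assertion> element from any namespace is
        // accepted here - confirm whether the SAML assertion namespace should
        // be enforced.
        if (!"Assertion".equals(child.getLocalName())) {
            continue;
        }
        try {
            if (securityAssertions == null) {
                securityAssertions = new ArrayList();
            }
            // NOTE(review): nothing in this method verifies a signature on the
            // embedded assertion - confirm that validation happens before the
            // advice is relied upon.
            securityAssertions.add(new SecurityAssertion((Element) child));
        } catch (Exception ex) {
            // Best effort: a malformed assertion is dropped, not fatal.
            FSUtils.debug.error("FSAssertion.parseAdvice: Error in " + "parsing security assertion", ex);
        }
    }
    if ((securityAssertions != null) && (!securityAssertions.isEmpty())) {
        _advice = new Advice(null, securityAssertions, null);
    }
}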
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class SAML2SDKUtils method getDiscoveryBootStrapCredentials.
/**
 * Gets the Discovery bootstrap credentials.
 *
 * <p>After a single sign-on with an Identity Provider, a service provider
 * may receive Discovery bootstrap resource offerings and credentials through
 * a SAML assertion. This method retrieves those credentials for a user who
 * was authenticated through SAML2 SSO; the request must carry a valid single
 * sign-on token generated by that SSO.
 *
 * <p>The credentials are read from the session property
 * <code>SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS</code> and each value
 * is parsed from XML into a <code>SecurityAssertion</code>.
 *
 * @param request <code>HttpServletRequest</code> associated with a user
 *        session.
 * @return <code>List</code> of <code>SecurityAssertions</code>,
 *         null if there is any failure or if there is not one
 */
public static List getDiscoveryBootStrapCredentials(HttpServletRequest request) {
    if (request == null) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getDiscoveryBootStrapCredentials: " + " null Input params");
        }
        return null;
    }
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object ssoSession = provider.getSession(request);
        String[] rawCredentials = provider.getProperty(ssoSession, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS);
        boolean nothingStored = (rawCredentials == null) || (rawCredentials.length == 0);
        if (nothingStored) {
            return null;
        }
        List parsed = new ArrayList();
        for (String rawCredential : rawCredentials) {
            // NOTE(review): each stored value is parsed as XML here; confirm
            // that XMLUtils.toDOMDocument rejects DTDs and external entities
            // and that the assertion was validated before it was stored in
            // the session.
            Element root = XMLUtils.toDOMDocument(rawCredential, debug).getDocumentElement();
            parsed.add(new SecurityAssertion(root));
        }
        return parsed;
    } catch (Exception ex) {
        // Any failure (session lookup, XML parsing, assertion construction)
        // is logged and reported to the caller as null.
        debug.error("SAML2Utils.getDiscoveryBootStrapCredentials: ", ex);
        return null;
    }
}
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class Default64ResourceIDMapper method getUserID.
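/**
 * Returns the ID of the user who has the resource ID in a provider.
 *
 * <p>For a null or implied resource ID the user is taken from the name
 * identifier of the bearer subject in the message's security assertion.
 * Otherwise the resource ID must be <code>providerID</code>, a
 * <code>/</code> separator, and the URL-encoded Base64 form of the user ID.
 *
 * @param providerID ID of the provider.
 * @param resourceID ID of the resource.
 * @param message Request message.
 * @return user ID. Return null if the user is not found or the resource ID
 *         is malformed.
 */
public String getUserID(String providerID, String resourceID, Message message) {
    if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
        if (debug.messageEnabled()) {
            debug.message("Default64ResourceIDMapper.getUserID: used " + "implied resource.");
        }
        if (message == null) {
            debug.error("Default64ResourceIDMapper.getUserID:null message");
            return null;
        }
        // NOTE(review): the identity returned below comes straight from the
        // assertion carried in the request; this method does no validation of
        // its own, so confirm the assertion is verified before this call.
        SecurityAssertion assertion = message.getAssertion();
        if (assertion == null) {
            debug.error("Default64ResourceIDMapper.getUserID:null " + "assertion");
            return null;
        }
        Subject subject = assertion.getBearerSubject();
        if (subject == null) {
            debug.error("Default64ResourceIDMapper.getUserID:not " + "Bearer Token");
            return null;
        }
        NameIdentifier ni = subject.getNameIdentifier();
        if (ni == null) {
            debug.error("Default64ResourceIDMapper.getUserID:no " + "NameIdentifier");
            return null;
        }
        return ni.getName();
    }
    if ((providerID == null) || (providerID.length() == 0)) {
        debug.error("Default64ResourceIDMapper.getUserID:null providerID.");
        return null;
    }
    // Require the full "providerID/" prefix. Checking providerID alone let a
    // resource ID equal to providerID run substring() past the end of the
    // string, and let a longer look-alike prefix pass with one character
    // silently skipped.
    String prefix = providerID.endsWith("/") ? providerID : providerID + "/";
    if (!resourceID.startsWith(prefix)) {
        debug.error("Default64ResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
        return null;
    }
    try {
        // The tail of the resource ID is request-supplied; any decoding
        // failure is reported as "user not found" instead of propagating.
        String urlDecoded = URLEncDec.decode(resourceID.substring(prefix.length()));
        return SAMLUtils.byteArrayToString(Base64.decode(urlDecoded));
    } catch (Exception e) {
        debug.error("Default64ResourceIDMapper.getUserID:", e);
        return null;
    }
}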
use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.
the class DefaultHexResourceIDMapper method getUserID.
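/**
 * Returns the ID of the user who has the resource ID in a provider.
 *
 * <p>For a null or implied resource ID the user is taken from the name
 * identifier of the bearer subject in the message's security assertion.
 * Otherwise the resource ID must be <code>providerID</code>, a
 * <code>/</code> separator, and the hex-encoded form of the user ID.
 *
 * @param providerID ID of the provider.
 * @param resourceID ID of the resource.
 * @param message Request message.
 * @return user ID. Return null if the user is not found or the resource ID
 *         is malformed.
 */
public String getUserID(String providerID, String resourceID, Message message) {
    if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
        if (debug.messageEnabled()) {
            debug.message("DefaultHexResourceIDMapper.getUserID: used " + "implied resource.");
        }
        if (message == null) {
            debug.error("DefaultHexResourceIDMapper.getUserID:null message");
            return null;
        }
        // NOTE(review): the identity returned below comes straight from the
        // assertion carried in the request; this method does no validation of
        // its own, so confirm the assertion is verified before this call.
        SecurityAssertion assertion = message.getAssertion();
        if (assertion == null) {
            debug.error("DefaultHexResourceIDMapper.getUserID:no " + "assertion");
            return null;
        }
        Subject subject = assertion.getBearerSubject();
        if (subject == null) {
            debug.error("DefaultHexResourceIDMapper.getUserID:not " + "Bearer Token");
            return null;
        }
        NameIdentifier ni = subject.getNameIdentifier();
        if (ni == null) {
            debug.error("DefaultHexResourceIDMapper.getUserID:no " + "NameIdentifier");
            return null;
        }
        return ni.getName();
    }
    if ((providerID == null) || (providerID.length() == 0)) {
        debug.error("DefaultHexResourceIDMapper.getUserID:null providerID");
        return null;
    }
    // Require the full "providerID/" prefix. Checking providerID alone let a
    // resource ID equal to providerID run substring() past the end of the
    // string, and let a longer look-alike prefix pass with one character
    // silently skipped.
    String prefix = providerID.endsWith("/") ? providerID : providerID + "/";
    if (!resourceID.startsWith(prefix)) {
        debug.error("DefaultHexResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
        return null;
    }
    try {
        // The tail of the resource ID is request-supplied. Presumably the hex
        // helper throws on odd-length or non-hex input (verify against
        // SAMLUtils); treat that as "user not found" instead of letting a
        // runtime exception escape to the caller.
        return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring(prefix.length())));
    } catch (RuntimeException e) {
        debug.error("DefaultHexResourceIDMapper.getUserID:", e);
        return null;
    }
}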