
Example 1 with SecurityAssertion

Use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

The class LibertyManagerImpl, method getDiscoveryServiceCredential.

/**
 * Returns the discovery service credential.
 * @param tokenID Single Sign On Token ID.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return <code>String</code> Credential to access the discovery service;
 *         <code>null</code> if the credential is not present.
 * @exception RemoteException if any failure.
 */
public String getDiscoveryServiceCredential(String tokenID, String hostProviderID) throws RemoteException {
    try {
        // Resolve the SSO token, then the federation session of the hosted SP in the root realm.
        Object token = SessionManager.getProvider().getSession(tokenID);
        FSSession session = FSSessionManager.getInstance(IDFFMetaUtils.getMetaAlias(IFSConstants.ROOT_REALM, hostProviderID, IFSConstants.SP, null)).getSession(token);
        if (session == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential: " + "ResourceOffering: no FSSession found");
            }
            return null;
        }
        // The bootstrap credentials are the SecurityAssertions received during single sign-on.
        List creds = session.getBootStrapCredential();
        if (creds == null || creds.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential: " + "bootstrap credential is null");
            }
            return null;
        }
        // Only the first credential is returned, serialized to its XML string form.
        return ((SecurityAssertion) creds.get(0)).toString();
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential: SessionException", se);
        }
        // Session failures are reported to the remote caller as a generic invalid-token error.
        throw new RemoteException(FSUtils.bundle.getString("invalidSSOToken"));
    }
}
Also used : FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) NodeList(org.w3c.dom.NodeList) List(java.util.List) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) RemoteException(java.rmi.RemoteException)

Example 2 with SecurityAssertion

Use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

The class FSAssertion, method parseAdvice.

/**
 * Parses the advice element to extract the security <code>Assertion</code>s.
 *
 * @param element the <code>Advice</code> Element.
 */
public void parseAdvice(Element element) {
    NodeList nl = element.getChildNodes();
    int length = nl.getLength();
    for (int n = 0; n < length; n++) {
        Node child = nl.item(n);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        // getLocalName() returns null when the document was parsed without namespace
        // awareness; comparing with the literal on the left avoids a NullPointerException.
        String childName = child.getLocalName();
        if ("Assertion".equals(childName)) {
            try {
                if (securityAssertions == null) {
                    securityAssertions = new ArrayList();
                }
                securityAssertions.add(new SecurityAssertion((Element) child));
            } catch (Exception ex) {
                FSUtils.debug.error("FSAssertion.parseAdvice: Error in " + "parsing security assertion", ex);
            }
        }
    }
    // Wrap the collected assertions in an Advice element only if at least one was parsed.
    if ((securityAssertions != null) && (!securityAssertions.isEmpty())) {
        _advice = new Advice(null, securityAssertions, null);
    }
}
Also used : NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Advice(com.sun.identity.saml.assertion.Advice) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) ParseException(java.text.ParseException) SAMLVersionMismatchException(com.sun.identity.saml.common.SAMLVersionMismatchException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException)

Example 3 with SecurityAssertion

Use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

The class SAML2SDKUtils, method getDiscoveryBootStrapCredentials.

/**
 * Gets the Discovery bootstrap credentials.
 * After a single sign-on with an Identity Provider, a service
 * provider may get Discovery bootstrap resource offerings and credentials
 * through a SAML assertion. This API helps in retrieving the credentials
 * if the user has been authenticated through SAML2 SSO. It requires
 * a valid single sign-on token (generated through the SAML2 SSO).
 *
 * @param request <code>HttpServletRequest</code> associated with a user
 *     session.
 * @return <code>List</code> of <code>SecurityAssertion</code>s;
 *     null if there is any failure or if there is none.
 */
public static List getDiscoveryBootStrapCredentials(HttpServletRequest request) {
    if (request == null) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getDiscoveryBootStrapCredentials: " + "null input params");
        }
        return null;
    }
    try {
        // The credentials were stored on the session as XML strings at SSO time.
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object session = sessionProvider.getSession(request);
        String[] credentials = sessionProvider.getProperty(session, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS);
        if ((credentials == null) || (credentials.length == 0)) {
            return null;
        }
        // Parse each stored XML string back into a SecurityAssertion object.
        List securityAssertions = new ArrayList();
        for (int i = 0; i < credentials.length; i++) {
            SecurityAssertion securityAssertion = new SecurityAssertion(XMLUtils.toDOMDocument(credentials[i], debug).getDocumentElement());
            securityAssertions.add(securityAssertion);
        }
        return securityAssertions;
    } catch (Exception ex) {
        debug.error("SAML2Utils.getDiscoveryBootStrapCredentials: ", ex);
        return null;
    }
}
Also used : ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) SOAPException(javax.xml.soap.SOAPException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 4 with SecurityAssertion

Use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

The class Default64ResourceIDMapper, method getUserID.

/**
 * Returns the ID of the user who has the resource ID in a provider.
 * @param providerID ID of the provider.
 * @param resourceID ID of the resource.
 * @param message Request message.
 * @return user ID, or null if the user is not found.
 */
public String getUserID(String providerID, String resourceID, Message message) {
    String result = null;
    if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
        // Implied resource: the user is identified by the bearer subject of the
        // SecurityAssertion carried in the request message.
        if (debug.messageEnabled()) {
            debug.message("Default64ResourceIDMapper.getUserID: used " + "implied resource.");
        }
        if (message == null) {
            debug.error("Default64ResourceIDMapper.getUserID:null message");
            return null;
        } else {
            SecurityAssertion assertion = message.getAssertion();
            if (assertion == null) {
                debug.error("Default64ResourceIDMapper.getUserID:null " + "assertion");
                return null;
            }
            Subject subject = assertion.getBearerSubject();
            if (subject == null) {
                debug.error("Default64ResourceIDMapper.getUserID:not " + "Bearer Token");
                return null;
            }
            NameIdentifier ni = subject.getNameIdentifier();
            if (ni == null) {
                debug.error("Default64ResourceIDMapper.getUserID:no " + "NameIdentifier");
                return null;
            }
            return ni.getName();
        }
    }
    // Explicit resource ID: must be of the form "<providerID>/<URL-encoded Base64(userID)>".
    if ((providerID == null) || (providerID.length() == 0)) {
        debug.error("Default64ResourceIDMapper.getUserID:null providerID.");
        return null;
    }
    if (!resourceID.startsWith(providerID)) {
        debug.error("Default64ResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
        return null;
    }
    String urlDecoded = null;
    if (providerID.endsWith("/")) {
        urlDecoded = URLEncDec.decode(resourceID.substring(providerID.length()));
    } else {
        urlDecoded = URLEncDec.decode(resourceID.substring((providerID + "/").length()));
    }
    try {
        // Malformed Base64 raises here and is reported as "user not found".
        result = SAMLUtils.byteArrayToString(Base64.decode(urlDecoded));
    } catch (Exception e) {
        debug.error("Default64ResourceIDMapper.getUserID:", e);
        return null;
    }
    return result;
}
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) Subject(com.sun.identity.saml.assertion.Subject)

Example 5 with SecurityAssertion

Use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

The class DefaultHexResourceIDMapper, method getUserID.

/**
 * Returns the ID of the user who has the resource ID in a provider.
 * @param providerID ID of the provider.
 * @param resourceID ID of the resource.
 * @param message Request message.
 * @return user ID, or null if the user is not found.
 */
public String getUserID(String providerID, String resourceID, Message message) {
    if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
        // Implied resource: the user is identified by the bearer subject of the
        // SecurityAssertion carried in the request message.
        if (debug.messageEnabled()) {
            debug.message("DefaultHexResourceIDMapper.getUserID: used " + "implied resource.");
        }
        if (message == null) {
            debug.error("DefaultHexResourceIDMapper.getUserID:null message");
            return null;
        } else {
            SecurityAssertion assertion = message.getAssertion();
            if (assertion == null) {
                debug.error("DefaultHexResourceIDMapper.getUserID:no " + "assertion");
                return null;
            }
            Subject subject = assertion.getBearerSubject();
            if (subject == null) {
                debug.error("DefaultHexResourceIDMapper.getUserID:not " + "Bearer Token");
                return null;
            }
            NameIdentifier ni = subject.getNameIdentifier();
            if (ni == null) {
                debug.error("DefaultHexResourceIDMapper.getUserID:no " + "NameIdentifier");
                return null;
            }
            return ni.getName();
        }
    }
    // Explicit resource ID: must be of the form "<providerID>/<hex-encoded userID>".
    if ((providerID == null) || (providerID.length() == 0)) {
        debug.error("DefaultHexResourceIDMapper.getUserID:null providerID");
        return null;
    }
    if (!resourceID.startsWith(providerID)) {
        debug.error("DefaultHexResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
        return null;
    }
    if (providerID.endsWith("/")) {
        return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring(providerID.length())));
    } else {
        return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring((providerID + "/").length())));
    }
}
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) Subject(com.sun.identity.saml.assertion.Subject)

Aggregations

SecurityAssertion (com.sun.identity.liberty.ws.security.SecurityAssertion)10 ArrayList (java.util.ArrayList)6 List (java.util.List)5 NodeList (org.w3c.dom.NodeList)4 SAMLException (com.sun.identity.saml.common.SAMLException)3 ResourceOffering (com.sun.identity.liberty.ws.disco.ResourceOffering)2 SessionException (com.sun.identity.plugin.session.SessionException)2 NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)2 Subject (com.sun.identity.saml.assertion.Subject)2 SOAPException (javax.xml.soap.SOAPException)2 Document (org.w3c.dom.Document)2 Element (org.w3c.dom.Element)2 Node (org.w3c.dom.Node)2 FSException (com.sun.identity.federation.common.FSException)1 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)1 FSSession (com.sun.identity.federation.services.FSSession)1 BinarySecurityToken (com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken)1 DiscoveryException (com.sun.identity.liberty.ws.disco.DiscoveryException)1 QueryResponse (com.sun.identity.liberty.ws.disco.QueryResponse)1 ObjectFactory (com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory)1