Example 6 with SecurityAssertion

use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

the class MessageProcessor method secureRequest.

/**
 * Secures the request by getting the credential from the discovery
 * service.
 *
 * @param offering Resource Offering of the discovery service.
 * @param credentials List of credentials that are required to access
 *        the discovery service.
 * @param serviceType Service Type that the discovery service should
 *        need to look for.
 * @param soapMessage SOAPMessage that needs to be secured.
 * @param sharedData Any shared data that may be used between the request
 *        and the response.
 * @return SOAPMessage Secured SOAP Message.
 * @throws SOAPBindingException for any failure.
 */
public SOAPMessage secureRequest(ResourceOffering offering, List credentials, String serviceType, SOAPMessage soapMessage, Map sharedData) throws SOAPBindingException {
    Utils.debug.message("MessageProcessor.secureRequest:Init");
    try {
        SOAPHeader header = addCorrelationHeader(soapMessage, null);
        // Ask the discovery service for the offering of the target web service.
        // The QueryResponse also carries the credentials (SecurityAssertions)
        // that this WSC has to present to that service.
        QueryResponse discoResponse = getWebserviceOffering(offering, credentials, serviceType);
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("MessageProcessor.secureRequest: " + "Discovery Response: " + discoResponse.toString());
        }
        // Assumes the discovery service returned at least one offering; an empty
        // list throws IndexOutOfBoundsException here, which the catch below turns
        // into the generic secureRequestFailed error.
        ResourceOffering serviceOffering = (ResourceOffering) discoResponse.getResourceOffering().get(0);
        List creds = discoResponse.getCredentials();
        // The security mechanism of the offering decides how the message is
        // protected: token type (SAML, bearer, X.509) and transport (none, TLS,
        // client-authenticated TLS).
        String securityProfile = processResourceOffering(serviceOffering);
        SecurityAssertion securityAssertion = null;
        // SAML and bearer profiles: the first credential issued by the discovery
        // service is placed in the security header as the security token for
        // this profile. Any further credentials in the response are ignored.
        if (securityProfile.equals(Message.NULL_SAML) || securityProfile.equals(Message.TLS_SAML)
                || securityProfile.equals(Message.CLIENT_TLS_SAML) || securityProfile.equals(Message.NULL_BEARER)
                || securityProfile.equals(Message.TLS_BEARER) || securityProfile.equals(Message.CLIENT_TLS_BEARER)
                || securityProfile.equals(Message.NULL_SAML_WSF11) || securityProfile.equals(Message.TLS_SAML_WSF11)
                || securityProfile.equals(Message.CLIENT_TLS_SAML_WSF11) || securityProfile.equals(Message.NULL_BEARER_WSF11)
                || securityProfile.equals(Message.TLS_BEARER_WSF11) || securityProfile.equals(Message.CLIENT_TLS_BEARER_WSF11)) {
            if (creds != null && creds.size() != 0) {
                securityAssertion = (SecurityAssertion) creds.get(0);
                securityAssertion.addToParent(header);
            }
        }
        // SAML (holder-of-key) and X.509 profiles additionally sign the message.
        // Bearer profiles are absent from this list: the bearer assertion travels
        // in an unsigned message, so only the transport, if any, protects it.
        if (securityProfile.equals(Message.NULL_SAML) || securityProfile.equals(Message.TLS_SAML)
                || securityProfile.equals(Message.CLIENT_TLS_SAML) || securityProfile.equals(Message.NULL_X509)
                || securityProfile.equals(Message.TLS_X509) || securityProfile.equals(Message.CLIENT_TLS_X509)
                || securityProfile.equals(Message.NULL_SAML_WSF11) || securityProfile.equals(Message.TLS_SAML_WSF11)
                || securityProfile.equals(Message.CLIENT_TLS_SAML_WSF11) || securityProfile.equals(Message.NULL_X509_WSF11)
                || securityProfile.equals(Message.TLS_X509_WSF11) || securityProfile.equals(Message.CLIENT_TLS_X509_WSF11)) {
            soapMessage = signMessage(soapMessage, securityProfile, securityAssertion);
        }
        if (Utils.debug.messageEnabled()) {
            Utils.debug.message("MessageProcessor.secureRequest: " + XMLUtils.print(soapMessage.getSOAPPart().getEnvelope()));
        }
        return soapMessage;
    } catch (Exception ex) {
        // The cause goes to the debug log only; the caller receives a generic,
        // localized failure message.
        Utils.debug.error("MessageProcessor.secureRequest: Failure in " + "Securing the request.", ex);
        throw new SOAPBindingException(Utils.bundle.getString("secureRequestFailed"));
    }
}
Also used : ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering) QueryResponse(com.sun.identity.liberty.ws.disco.QueryResponse) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) SOAPHeader(javax.xml.soap.SOAPHeader) SOAPException(javax.xml.soap.SOAPException)
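The two twelve-way conditions in secureRequest encode one decision per profile: attach the discovery-issued assertion, sign the message, or both. The following is an added example, not OpenAM code, that derives the same decisions in Python from the structure of the Message.* constant names shown above (transport, token type, optional WSF11 suffix). Only the identifier names are used; the URI values behind the constants are not needed. The reading of NULL, TLS and CLIENT_TLS as no TLS, server-authenticated TLS and client-authenticated TLS is an assumption taken from the names.

```python
"""Security-profile decisions of MessageProcessor.secureRequest, derived
from the Message.* constant names. Added illustration, not OpenAM code."""
from typing import List, NamedTuple

# Assumed meaning of the transport part of the names: no TLS, server TLS,
# client-authenticated (mutual) TLS.
TRANSPORTS = ("NULL", "TLS", "CLIENT_TLS")
TOKENS = ("SAML", "BEARER", "X509")

# The 18 names from the two if chains, in a fixed order.
ALL_PROFILES = [
    f"{transport}_{token}{suffix}"
    for suffix in ("", "_WSF11")
    for transport in TRANSPORTS
    for token in TOKENS
]


class Profile(NamedTuple):
    transport: str
    token: str
    wsf11: bool


class Decision(NamedTuple):
    attach_assertion: bool    # put the discovery-issued assertion in the header
    sign_message: bool        # run signMessage over the envelope
    transport_protected: bool # some form of TLS is in use


def parse_profile(name: str) -> Profile:
    """'CLIENT_TLS_SAML_WSF11' -> Profile('CLIENT_TLS', 'SAML', True)."""
    wsf11 = name.endswith("_WSF11")
    core = name[: -len("_WSF11")] if wsf11 else name
    for token in TOKENS:
        suffix = "_" + token
        if core.endswith(suffix) and core[: -len(suffix)] in TRANSPORTS:
            return Profile(core[: -len(suffix)], token, wsf11)
    raise ValueError("unknown security profile: " + name)


def decide(name: str) -> Decision:
    """Same outcome as the two if chains: SAML and bearer profiles carry the
    assertion, SAML and X.509 profiles are signed, bearer is never signed."""
    p = parse_profile(name)
    return Decision(
        attach_assertion=p.token in ("SAML", "BEARER"),
        sign_message=p.token in ("SAML", "X509"),
        transport_protected=p.transport != "NULL",
    )


def unprotected_profiles(names: List[str]) -> List[str]:
    """Profiles where neither a signature nor TLS covers the message. For a
    bearer token that means the assertion is sent in the clear and can be
    replayed by anyone who captures it."""
    result = []
    for name in names:
        d = decide(name)
        if not d.sign_message and not d.transport_protected:
            result.append(name)
    return result


if __name__ == "__main__":
    for name in ALL_PROFILES:
        print(f"{name:24} {decide(name)}")
    print("no protection at all:", unprotected_profiles(ALL_PROFILES))
```

Running the script lists the decision for every profile and shows that NULL_BEARER and NULL_BEARER_WSF11 are the two combinations in which the assertion is neither signed nor carried over TLS.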

Example 7 with SecurityAssertion

use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

the class Default64ResourceIDMapper method getUserID.

/**
 * Returns the ID of the user who has the resource ID in a provider.
 * @param providerID ID of the provider.
 * @param resourceID ID of the resource.
 * @param message Request message.
 * @return user ID. Return null if the user is not found.
 */
public String getUserID(String providerID, String resourceID, Message message) {
    String result = null;
    if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
        // Implied resource: the WSC named no resource, so the user is taken from
        // the SecurityAssertion carried in the request. Only a bearer token is
        // accepted on this path; getBearerSubject() is null for any other
        // confirmation method.
        if (debug.messageEnabled()) {
            debug.message("Default64ResourceIDMapper.getUserID: used " + "implied resource.");
        }
        if (message == null) {
            debug.error("Default64ResourceIDMapper.getUserID:null message");
            return null;
        } else {
            SecurityAssertion assertion = message.getAssertion();
            if (assertion == null) {
                debug.error("Default64ResourceIDMapper.getUserID:null " + "assertion");
                return null;
            }
            Subject subject = assertion.getBearerSubject();
            if (subject == null) {
                debug.error("Default64ResourceIDMapper.getUserID:not " + "Bearer Token");
                return null;
            }
            NameIdentifier ni = subject.getNameIdentifier();
            if (ni == null) {
                debug.error("Default64ResourceIDMapper.getUserID:no " + "NameIdentifier");
                return null;
            }
            return ni.getName();
        }
    }
    if ((providerID == null) || (providerID.length() == 0)) {
        debug.error("Default64ResourceIDMapper.getUserID:null providerID.");
        return null;
    }
    // Prefix check only: nothing verifies that the character after providerID
    // is the '/' separator, so a resourceID such as providerID + "xyz/..." is
    // accepted as well.
    if (!resourceID.startsWith(providerID)) {
        debug.error("Default64ResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
        return null;
    }
    String urlDecoded = null;
    if (providerID.endsWith("/")) {
        urlDecoded = URLEncDec.decode(resourceID.substring(providerID.length()));
    } else {
        // A resourceID that equals providerID exactly passes the startsWith
        // check but makes this substring() throw StringIndexOutOfBoundsException,
        // which is outside the try block below.
        urlDecoded = URLEncDec.decode(resourceID.substring((providerID + "/").length()));
    }
    // The payload is URL-encoded Base64 of the user ID: a reversible encoding,
    // not a secret. Anyone who knows a user ID can build the matching resource
    // ID, so authorization has to rest on the authenticated requester, not on
    // possession of this string.
    try {
        result = SAMLUtils.byteArrayToString(Base64.decode(urlDecoded));
    } catch (Exception e) {
        debug.error("Default64ResourceIDMapper.getUserID:", e);
        return null;
    }
    return result;
}
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) Subject(com.sun.identity.saml.assertion.Subject)

Example 8 with SecurityAssertion

use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

the class DefaultHexResourceIDMapper method getUserID.

/**
 * Returns the ID of the user who has the resource ID in a provider.
 * @param providerID ID of the provider.
 * @param resourceID ID of the resource.
 * @param message Request message.
 * @return user ID. Return null if the user is not found.
 */
public String getUserID(String providerID, String resourceID, Message message) {
    if ((resourceID == null) || (resourceID.equals(DiscoConstants.IMPLIED_RESOURCE))) {
        // Implied resource: same handling as Default64ResourceIDMapper. The user
        // is the bearer subject of the SecurityAssertion in the request; any
        // other confirmation method is rejected.
        if (debug.messageEnabled()) {
            debug.message("DefaultHexResourceIDMapper.getUserID: used " + "implied resource.");
        }
        if (message == null) {
            debug.error("DefaultHexResourceIDMapper.getUserID:null message");
            return null;
        } else {
            SecurityAssertion assertion = message.getAssertion();
            if (assertion == null) {
                debug.error("DefaultHexResourceIDMapper.getUserID:no " + "assertion");
                return null;
            }
            Subject subject = assertion.getBearerSubject();
            if (subject == null) {
                debug.error("DefaultHexResourceIDMapper.getUserID:not " + "Bearer Token");
                return null;
            }
            NameIdentifier ni = subject.getNameIdentifier();
            if (ni == null) {
                debug.error("DefaultHexResourceIDMapper.getUserID:no " + "NameIdentifier");
                return null;
            }
            return ni.getName();
        }
    }
    if ((providerID == null) || (providerID.length() == 0)) {
        debug.error("DefaultHexResourceIDMapper.getUserID:null providerID");
        return null;
    }
    // Prefix check only; the '/' separator itself is not verified.
    if (!resourceID.startsWith(providerID)) {
        debug.error("DefaultHexResourceIDMapper.getUserID:resourceID not " + "startsWith providerID:" + providerID);
        return null;
    }
    // The payload is the hex encoding of the user ID; hex is URL-safe, so there
    // is no URL-decoding step here. Unlike the Base64 mapper, the decode is not
    // guarded by try/catch: a malformed payload, or a resourceID equal to a
    // providerID without trailing '/', surfaces as an unchecked exception rather
    // than a logged null return.
    if (providerID.endsWith("/")) {
        return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring(providerID.length())));
    } else {
        return SAMLUtils.byteArrayToString(SAMLUtils.hexStringToByteArray(resourceID.substring((providerID + "/").length())));
    }
}
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) Subject(com.sun.identity.saml.assertion.Subject)
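Examples 7 and 8 only show the decoding direction of the two resource-ID schemes. The following is an added example, not OpenAM code, that reimplements both encodings in Python together with the encoding direction, so the round trip and the edge cases visible in the Java above (trailing slash on the provider ID, a resource ID equal to the provider ID, a missing separator, '+' in Base64 output) can be run offline. The prefix check is deliberately stricter than the mappers' startsWith(providerID): it requires the literal '/' separator and a non-empty payload, which is a hardening choice of this example rather than the project's behaviour.

```python
"""Liberty ID-WSF resource-ID encodings as decoded by
Default64ResourceIDMapper and DefaultHexResourceIDMapper, reimplemented in
Python with the encoding direction added. Added illustration, not OpenAM code.

Both encodings are reversible and carry no secret: whoever knows a user ID
can construct the resource ID, so the mapper must never be the
authorization decision."""
import base64
from typing import Optional
from urllib.parse import quote, unquote


def _prefix(provider_id: str) -> str:
    return provider_id if provider_id.endswith("/") else provider_id + "/"


def _payload(provider_id: str, resource_id: str) -> Optional[str]:
    """Return the part after 'providerID/' or None.

    The OpenAM mappers check startsWith(providerID) and then skip
    len(providerID + "/") characters, so a resourceID equal to providerID
    throws StringIndexOutOfBoundsException and providerID + "xyz/..." is
    accepted. This version requires the separator and rejects an empty
    payload (hardening chosen for the example)."""
    if not provider_id:
        return None
    prefix = _prefix(provider_id)
    if not resource_id.startswith(prefix):
        return None
    return resource_id[len(prefix):] or None


def encode_base64(provider_id: str, user_id: str) -> str:
    """providerID/<url-encoded base64(userID)>.

    Standard Base64 contains '+', '/' and '=', so the payload is URL-encoded;
    otherwise URLEncDec.decode on the receiving side turns a '+' into a
    space and the user ID silently changes."""
    b64 = base64.b64encode(user_id.encode("utf-8")).decode("ascii")
    return _prefix(provider_id) + quote(b64, safe="")


def decode_base64(provider_id: str, resource_id: str) -> Optional[str]:
    """Inverse of encode_base64; None on any malformed input, mirroring the
    mapper's log-and-return-null behaviour."""
    payload = _payload(provider_id, resource_id)
    if payload is None:
        return None
    try:
        # binascii.Error and UnicodeDecodeError are both ValueErrors.
        return base64.b64decode(unquote(payload), validate=True).decode("utf-8")
    except ValueError:
        return None


def encode_hex(provider_id: str, user_id: str) -> str:
    """providerID/<hex(userID)>; hex is URL-safe, so no URL-encoding step."""
    return _prefix(provider_id) + user_id.encode("utf-8").hex()


def decode_hex(provider_id: str, resource_id: str) -> Optional[str]:
    """Inverse of encode_hex; None on malformed input, where the Java mapper
    would let the helper's exception propagate."""
    payload = _payload(provider_id, resource_id)
    if payload is None:
        return None
    try:
        return bytes.fromhex(payload).decode("utf-8")
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample values.
    provider = "https://idp.example.com"
    user = "uid=alice,ou=people,dc=example,dc=com"
    for enc, dec in ((encode_base64, decode_base64), (encode_hex, decode_hex)):
        rid = enc(provider, user)
        print(rid, "->", dec(provider, rid))
    print(decode_base64(provider, provider))  # None, not an exception
```

The trailing-slash branch in both Java mappers is handled by `_prefix`, which normalises the provider ID once; both the slash-less and the slash-terminated form of the same provider therefore decode the same resource ID.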

Example 9 with SecurityAssertion

use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

the class QueryResponse method parseCreds.

private void parseCreds(Element elem) throws DiscoveryException {
    // Parses the credentials element of a discovery QueryResponse. Every
    // element child is treated as a SecurityAssertion; text and whitespace
    // nodes have no local name and are skipped.
    NodeList contentnl = elem.getChildNodes();
    Node child;
    String nodeName;
    SecurityAssertion assertion;
    for (int i = 0, length = contentnl.getLength(); i < length; i++) {
        child = contentnl.item(i);
        if ((nodeName = child.getLocalName()) != null) {
            try {
                // The SecurityAssertion constructor validates the assertion
                // structure. One malformed credential fails the whole response
                // (fail-closed) instead of being dropped silently.
                assertion = new SecurityAssertion((Element) child);
            } catch (SAMLException se) {
                if (DiscoUtils.debug.messageEnabled()) {
                    DiscoUtils.debug.message("QueryResponse(Element): " + "Exception thrown when parsing Credentials:", se);
                }
                throw new DiscoveryException(DiscoUtils.bundle.getString("wrongCredential"));
            }
            if (creds == null) {
                creds = new ArrayList();
            }
            creds.add(assertion);
        }
    }
}
Also used : ArrayList(java.util.ArrayList) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 10 with SecurityAssertion

use of com.sun.identity.liberty.ws.security.SecurityAssertion in project OpenAM by OpenRock.

the class LibertyManagerClient method getDiscoveryServiceCredential.

/**
 * Returns the discovery service credential.
 * @param token Single Sign On Token.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return <code>SecurityAssertion</code> Discovery Service Bootstrap
 *         Credential.
 * @exception FSException if any failure.
 */
public SecurityAssertion getDiscoveryServiceCredential(Object token, String hostProviderID) throws FSException {
    try {
        String tokenID = SessionManager.getProvider().getSessionID(token);
        String cacheKey = tokenID + DISCO_CRED;
        // Cache lookup keyed by session ID. A cached assertion is returned as is;
        // its validity period is not re-checked here, so expiry of the entry is
        // left to the bootStrapCache implementation.
        SecurityAssertion cred = (SecurityAssertion) bootStrapCache.get(cacheKey);
        if (cred != null) {
            return cred;
        }
        // Remote call to the LibertyManager: the bootstrap credential comes back
        // as an XML string.
        String[] objs = { tokenID, hostProviderID };
        String credential = (String) client.send("getDiscoveryServiceCredential", objs, null, null);
        if ((credential == null) || (credential.length() == 0)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ServiceCredential: Credential is null or empty");
            }
            return null;
        }
        // Parse and validate the assertion before caching it. If toDOMDocument
        // returns null for unparsable XML, the resulting NullPointerException
        // lands in the generic catch below and is reported as soapException.
        Document doc = XMLUtils.toDOMDocument(credential, FSUtils.debug);
        cred = new SecurityAssertion(doc.getDocumentElement());
        bootStrapCache.put(cacheKey, cred);
        return cred;
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ServiceCredential: InvalidSessionToken", se);
        }
        throw new FSException(FSUtils.bundle.getString("invalidSSOToken"));
    } catch (DiscoveryException de) {
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ServiceCredential: InvalidAssertion", de);
        throw new FSException(FSUtils.bundle.getString("invalidCredential"));
    } catch (Exception ex) {
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: SOAPClient Exception", ex);
        throw new FSException(FSUtils.bundle.getString("soapException"));
    }
}
Also used : FSException(com.sun.identity.federation.common.FSException) SessionException(com.sun.identity.plugin.session.SessionException) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) Document(org.w3c.dom.Document) DiscoveryException(com.sun.identity.liberty.ws.disco.DiscoveryException)

Aggregations

SecurityAssertion (com.sun.identity.liberty.ws.security.SecurityAssertion) 10
ArrayList (java.util.ArrayList) 6
List (java.util.List) 5
NodeList (org.w3c.dom.NodeList) 4
SAMLException (com.sun.identity.saml.common.SAMLException) 3
ResourceOffering (com.sun.identity.liberty.ws.disco.ResourceOffering) 2
SessionException (com.sun.identity.plugin.session.SessionException) 2
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier) 2
Subject (com.sun.identity.saml.assertion.Subject) 2
SOAPException (javax.xml.soap.SOAPException) 2
Document (org.w3c.dom.Document) 2
Element (org.w3c.dom.Element) 2
Node (org.w3c.dom.Node) 2
FSException (com.sun.identity.federation.common.FSException) 1
FSMsgException (com.sun.identity.federation.message.common.FSMsgException) 1
FSSession (com.sun.identity.federation.services.FSSession) 1
BinarySecurityToken (com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken) 1
DiscoveryException (com.sun.identity.liberty.ws.disco.DiscoveryException) 1
QueryResponse (com.sun.identity.liberty.ws.disco.QueryResponse) 1
ObjectFactory (com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory) 1