use of com.sun.identity.liberty.ws.security.SessionSubject in project OpenAM by OpenRock.
the class DiscoveryBootstrap method getResourceOffering.
/**
* Gets the discovery bootstrap resource offering for the user.
* @return Discovery Resource Offering String
* @exception SAML2Exception if there's any failure.
*/
private String getResourceOffering(String authnContextClassRef, Subject subject, String wscID, String realm) throws SAML2Exception {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering:Init");
}
DiscoEntryElement discoEntry = DiscoServiceManager.getBootstrappingDiscoEntry();
if (discoEntry == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingUnivID"));
}
String[] values = null;
try {
values = SessionManager.getProvider().getProperty(session, Constants.UNIVERSAL_IDENTIFIER);
} catch (SessionException se) {
throw new SAML2Exception(se);
}
if ((values == null) || (values.length == 0)) {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingDiscoOffering"));
}
String univID = values[0];
try {
ResourceOfferingType offering = discoEntry.getResourceOffering();
ServiceInstanceType serviceInstance = offering.getServiceInstance();
String providerID = serviceInstance.getProviderID();
if (!DiscoServiceManager.useImpliedResource()) {
ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
if (idMapper == null) {
idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
}
ObjectFactory fac = new ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
String resourceIDValue = idMapper.getResourceID(providerID, univID);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering: " + "ResourceID Value:" + resourceIDValue);
}
resourceID.setValue(resourceIDValue);
offering.setResourceID(resourceID);
} else {
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
resourceID.setValue(DiscoConstants.IMPLIED_RESOURCE);
offering.setResourceID(resourceID);
}
List discoEntryList = new ArrayList();
discoEntryList.add(discoEntry);
SessionSubject sessionSubject = null;
if (DiscoServiceManager.encryptNIinSessionContext()) {
IDPSSODescriptorElement idpSSODesc = SAML2Utils.getSAML2MetaManager().getIDPSSODescriptor(realm, providerID);
EncInfo encInfo = KeyUtil.getEncInfo(idpSSODesc, wscID, SAML2Constants.IDP_ROLE);
NameIdentifier ni = EncryptedNameIdentifier.getEncryptedNameIdentifier(convertSPNameID(subject.getNameID()), providerID, encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength());
sessionSubject = new SessionSubject(ni, convertSC(subject.getSubjectConfirmation()), convertIDPNameID(subject.getNameID()));
} else {
sessionSubject = new SessionSubject(convertSPNameID(subject.getNameID()), convertSC(subject.getSubjectConfirmation()), convertIDPNameID(subject.getNameID()));
}
AuthnContext authnContext = new AuthnContext(authnContextClassRef, null);
authnContext.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
SessionContext invocatorSession = new SessionContext(sessionSubject, authnContext, providerID);
Map map = DiscoUtils.checkPolicyAndHandleDirectives(univID, null, discoEntryList, null, invocatorSession, wscID, session);
List offerings = (List) map.get(DiscoUtils.OFFERINGS);
if (offerings.isEmpty()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering:" + "no ResourceOffering");
}
throw new SAML2Exception(SAML2Utils.bundle.getString("missingDiscoOffering"));
}
ResourceOffering resourceOffering = (ResourceOffering) offerings.get(0);
assertions = (List) map.get(DiscoUtils.CREDENTIALS);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("DiscoveryBootstrap.getResourceOffering: " + "Resource Offering:" + resourceOffering);
}
return resourceOffering.toString();
} catch (Exception ex) {
SAML2Utils.debug.error("DiscoveryBootstrap.getResourceOffering:" + "Exception while creating resource offering.", ex);
throw new SAML2Exception(ex);
}
}
Aggregations