use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.
the class FSDefaultRealmAttributePlugin method getAttributeValue.
/**
 * Looks up a single string value of {@code attrName} for the user that owns
 * {@code token}, going through the IDFF data-store provider.
 *
 * @param token session token used to resolve the principal name.
 * @param attrName attribute to read; a {@code null} name is logged and yields {@code null}.
 * @return the first value found, or {@code null} when the name is missing, the attribute
 *         has no values, or the session / data-store lookup fails. Lookup failures are
 *         logged via {@code FSUtils.debug} and not propagated to the caller.
 */
private String getAttributeValue(Object token, String attrName) {
    if (attrName == null) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Value: attribute Name is null. Check the attribute map");
        return null;
    }
    String value = null;
    try {
        SessionProvider sessions = SessionManager.getProvider();
        String principal = sessions.getPrincipalName(token);
        DataStoreProvider store = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set values = store.getAttribute(principal, attrName);
        if (values != null && !values.isEmpty()) {
            // Only the first value is surfaced; a multi-valued attribute is truncated here.
            value = (String) values.iterator().next();
        } else if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Value: values not found for : " + attrName);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttributeValue: exception:", se);
    } catch (DataStoreProviderException dspe) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttributeValue: exception: ", dspe);
    }
    return value;
}
use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.
the class SPACSUtils method getPrincipalWithoutLogin.
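/**
 * Returns the local username that the {@code Assertion} maps to, or {@code null} if no
 * mapping could be made. Should only be used from the SP side, and only in conjunction
 * with the Auth Module. In addition, it performs what attribute federation it can.
 *
 * This method is a picked apart version of the "processResponse" function. It performs
 * no signature, condition or audience validation of its own, so the caller must already
 * have validated the response and assertion before trusting the principal returned here.
 *
 * Processing: the subject's {@code EncryptedID} (when present) is decrypted with the SP's
 * decryption keys; the NameID format is checked against the formats listed in the SP
 * descriptor; for persistent-style NameIDs an already linked account is looked up in the
 * data store; otherwise the account mapper is asked to derive an identity. A newly derived
 * persistent link is then written to the user's federation data.
 *
 * @param assertionSubject the assertion's {@code Subject}; must carry a NameID or EncryptedID.
 * @param authnAssertion the authentication assertion handed to the account mapper.
 * @param realm realm of the hosted SP.
 * @param spEntityId entity ID of the hosted SP.
 * @param metaManager metadata manager used to read the SP configuration and descriptor.
 * @param idpEntityId entity ID of the remote IDP.
 * @param storageKey storage key passed through to {@code writeFedData}.
 * @return the mapped username, or {@code null} if no account could be found or derived
 *         (the underlying failure is logged).
 * @throws SAML2Exception if the NameID is not encrypted when configuration requires it,
 *         if the subject carries no NameID at all, if the SP descriptor cannot be read,
 *         or if the NameID format is not one the SP supports.
 */
public static String getPrincipalWithoutLogin(Subject assertionSubject, Assertion authnAssertion, String realm, String spEntityId, SAML2MetaManager metaManager, String idpEntityId, String storageKey) throws SAML2Exception {
    final EncryptedID encId = assertionSubject.getEncryptedID();
    final SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spEntityId);
    final Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig);
    final SPAccountMapper acctMapper = SAML2Utils.getSPAccountMapper(realm, spEntityId);

    // An encrypted NameID is only demanded when the whole assertion is not itself
    // required to be encrypted.
    boolean needNameIDEncrypted = false;
    String assertionEncryptedAttr = SAML2Utils.getAttributeValueFromSPSSOConfig(spssoconfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
    if (assertionEncryptedAttr == null || !Boolean.parseBoolean(assertionEncryptedAttr)) {
        String idEncryptedStr = SAML2Utils.getAttributeValueFromSPSSOConfig(spssoconfig, SAML2Constants.WANT_NAMEID_ENCRYPTED);
        if (idEncryptedStr != null && Boolean.parseBoolean(idEncryptedStr)) {
            needNameIDEncrypted = true;
        }
    }
    if (needNameIDEncrypted && encId == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nameIDNotEncrypted"));
    }

    NameID nameId = assertionSubject.getNameID();
    if (encId != null) {
        nameId = encId.decrypt(decryptionKeys);
    }
    if (nameId == null) {
        // Neither a plain nor an encrypted NameID: report a SAML error instead of
        // failing with a NullPointerException on nameId.getFormat() below.
        SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: assertion subject has no NameID or EncryptedID");
        throw new SAML2Exception("Assertion subject carries neither a NameID nor an EncryptedID");
    }

    SPSSODescriptorElement spDesc = null;
    try {
        spDesc = metaManager.getSPSSODescriptor(realm, spEntityId);
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error("Unable to read SPSSODescription", ex);
    }
    if (spDesc == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }

    // Reject a NameID format the SP metadata does not list; a missing format is let through,
    // and an SP descriptor with no formats listed accepts any format.
    final String nameIDFormat = nameId.getFormat();
    if (nameIDFormat != null) {
        List spNameIDFormatList = spDesc.getNameIDFormat();
        if (CollectionUtils.isNotEmpty(spNameIDFormatList) && !spNameIDFormatList.contains(nameIDFormat)) {
            Object[] args = { nameIDFormat };
            throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "unsupportedNameIDFormatSP", args);
        }
    }

    final boolean isTransient = SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat);
    final boolean isPersistent = SAML2Constants.PERSISTENT.equals(nameIDFormat);
    final boolean ignoreProfile = SAML2PluginsUtils.isIgnoredProfile(realm);
    final boolean shouldPersistNameID = isPersistent || (!isTransient && !ignoreProfile && acctMapper.shouldPersistNameIDFormat(realm, spEntityId, idpEntityId, nameIDFormat));

    String userName = null;
    boolean isNewAccountLink = false;
    try {
        if (shouldPersistNameID) {
            try {
                userName = SAML2Utils.getDataStoreProvider().getUserID(realm, SAML2Utils.getNameIDKeyMap(nameId, spEntityId, idpEntityId, realm, SAML2Constants.SP_ROLE));
            } catch (DataStoreProviderException dse) {
                // Keep the cause in the log; the SAML2Exception below only carries the message.
                SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: data store lookup of linked account failed", dse);
                throw new SAML2Exception(dse.getMessage());
            }
        }
        // No already linked account: ask the account mapper to derive one from the federated data.
        if (userName == null) {
            userName = acctMapper.getIdentity(authnAssertion, spEntityId, realm);
            // Remembered below so a persistent link can be recorded for the new account.
            isNewAccountLink = true;
        }
    } catch (SAML2Exception se) {
        // A mapping failure means "no local user"; log it rather than dropping it silently,
        // since a silent null here hides a failed login from operators.
        SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: unable to map assertion to a local user", se);
        return null;
    }

    // A freshly derived persistent link is recorded in the user's federation data. A failure
    // there is logged but does not invalidate the mapping already made.
    if (isNewAccountLink && isPersistent) {
        try {
            writeFedData(nameId, spEntityId, realm, metaManager, idpEntityId, userName, storageKey);
        } catch (SAML2Exception se) {
            SAML2Utils.debug.error("SPACSUtils.getPrincipalWithoutLogin: unable to persist federation data for user " + userName, se);
        }
    }
    return userName;
}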
use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.
the class DefaultLibrarySPAccountMapper method getIdentity.
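/**
 * Returns the user's distinguished name or the universal ID for the
 * corresponding <code>SAML</code> <code>Assertion</code>. This method
 * will be invoked by the <code>WS-Federation</code> framework while
 * processing the <code>Assertion</code> and retrieves the identity
 * information. The implementation of this method checks for
 * the user for the corresponding name identifier in the assertion.
 *
 * The name identifier is taken from the subject of the assertion's first
 * <code>AuthenticationStatement</code>, and the remote entity is resolved from the
 * assertion's issuer name. No validation of the token itself (signature, conditions)
 * is done here; the caller is expected to have verified the token before mapping it.
 *
 * @param rstr Request Security Token Response.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm realm or the organization name that may be used to find
 * the user information.
 * @return user's distinguished name or the universal ID, or <code>null</code> if the
 * data store has no matching user.
 * @exception WSFederationException if any argument is <code>null</code>, if the response
 * carries no SAML 1.1 assertion with an authentication-statement subject and name
 * identifier, or if the data store lookup fails.
 */
public String getIdentity(RequestSecurityTokenResponse rstr, String hostEntityID, String realm) throws WSFederationException {
    if (rstr == null) {
        throw new WSFederationException(bundle.getString("nullRstr"));
    }
    if (hostEntityID == null) {
        throw new WSFederationException(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new WSFederationException(bundle.getString("nullRealm"));
    }
    SAML11RequestedSecurityToken rst = (SAML11RequestedSecurityToken) rstr.getRequestedSecurityToken();
    Assertion assertion = (rst == null) ? null : rst.getAssertion();
    if (assertion == null) {
        // No bundle key is visible for this case, so a literal message is used.
        throw new WSFederationException("RequestSecurityTokenResponse carries no SAML 1.1 assertion");
    }
    // Use the subject of the first AuthenticationStatement; other statement types are skipped.
    Subject subject = null;
    for (Object obj : assertion.getStatement()) {
        Statement statement = (Statement) obj;
        if (statement.getStatementType() == Statement.AUTHENTICATION_STATEMENT) {
            subject = ((SubjectStatement) statement).getSubject();
            break;
        }
    }
    NameIdentifier nameID = (subject == null) ? null : subject.getNameIdentifier();
    if (nameID == null) {
        // A token without an authentication-statement subject used to fail with a
        // NullPointerException here; reject it as a WS-Federation error instead.
        throw new WSFederationException("Assertion has no AuthenticationStatement subject with a NameIdentifier");
    }
    String remoteEntityID = WSFederationUtils.getMetaManager().getEntityByTokenIssuerName(realm, assertion.getIssuer());
    if (debug.messageEnabled()) {
        debug.message("DefaultLibrarySPAccountMapper.getIdentity(Assertion):" + " realm = " + realm + " hostEntityID = " + hostEntityID);
    }
    try {
        return dsProvider.getUserID(realm, getSearchParameters(nameID, realm, hostEntityID, remoteEntityID));
    } catch (DataStoreProviderException dse) {
        debug.error("DefaultLibrarySPAccountMapper.getIdentity(Assertion): " + "DataStoreProviderException", dse);
        throw new WSFederationException(dse);
    }
}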
use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.
the class IdRepoDataStoreProvider method setAttributes.
/**
 * Sets attributes for a user.
 *
 * The update is performed with the server's admin token (obtained via
 * {@code AdminTokenAction}), so no access check is made here on behalf of whoever is
 * asking: callers must ensure the request is authorised before delegating to this method.
 *
 * @param userID Universal identifier of the user.
 * @param attrMap Map of attributes to be set, key is the
 * attribute name and value is a Set containing the attribute values.
 * @throws DataStoreProviderException if either argument is {@code null}, if the admin
 *         token is not valid, or if the identity repository rejects the update.
 */
public void setAttributes(String userID, Map<String, Set<String>> attrMap) throws DataStoreProviderException {
    if (userID == null) {
        throw new DataStoreProviderException(bundle.getString("nullUserId"));
    }
    if (attrMap == null) {
        throw new DataStoreProviderException(bundle.getString("nullAttrMap"));
    }
    try {
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentity identity = IdUtils.getIdentity(adminToken, userID);
        identity.setAttributes(attrMap);
        // presumably setAttributes() only stages the values and store() writes them back
        identity.store();
    } catch (SSOException tokenError) {
        debug.error("IdRepoDataStoreProvider.setAttribute(): " + "invalid admin SSOtoken", tokenError);
        throw new DataStoreProviderException(tokenError);
    } catch (IdRepoException repoError) {
        debug.error("IdRepoDataStoreProvider.setAttribute(): " + "IdRepo exception", repoError);
        throw new DataStoreProviderException(repoError);
    }
}
use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.
the class IdRepoDataStoreProvider method getBinaryAttributes.
/**
 * Returns binary attribute values for a user.
 *
 * The lookup runs under the server's admin token (obtained via {@code AdminTokenAction}),
 * so any attribute named in {@code attrNames} is readable through this method regardless
 * of the requesting user's own rights; callers are responsible for authorising the read.
 *
 * @param userID Universal identifier of the user.
 * @param attrNames Set of attributes whose values are to be retrieved.
 * @return Map containing attribute key/value pair, key is the
 * attribute name, value is a Set of byte[][] values.
 * @throws DataStoreProviderException if either argument is {@code null}, if the admin
 *         token is not valid, or if the identity repository lookup fails.
 */
public Map<String, byte[][]> getBinaryAttributes(String userID, Set<String> attrNames) throws DataStoreProviderException {
    if (userID == null) {
        throw new DataStoreProviderException(bundle.getString("nullUserId"));
    }
    if (attrNames == null) {
        throw new DataStoreProviderException(bundle.getString("nullAttrSet"));
    }
    Map<String, byte[][]> values;
    try {
        SSOToken adminToken = AccessController.doPrivileged(AdminTokenAction.getInstance());
        AMIdentity identity = IdUtils.getIdentity(adminToken, userID);
        values = identity.getBinaryAttributes(attrNames);
    } catch (SSOException tokenError) {
        debug.error("IdRepoDataStoreProvider.getBinaryAttributes(): invalid admin SSOToken", tokenError);
        throw new DataStoreProviderException(tokenError);
    } catch (IdRepoException repoError) {
        debug.error("IdRepoDataStoreProvider.getBinaryAttributes(): IdRepo exception", repoError);
        throw new DataStoreProviderException(repoError);
    }
    return values;
}