
Example 31 with DataStoreProviderException

use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.

the class DefaultLibraryIDPAttributeMapper method getAttributes.

/**
     * Returns list of SAML <code>Attribute</code> objects for the 
     * IDP framework to insert into the generated <code>Assertion</code>.
     * <p>
     * The attribute map is taken from the remote SP's configuration first and
     * falls back to the hosted IDP's configuration. Values are read from the
     * data store (unless the profile is dynamic/ignored for the realm) and,
     * when missing there, from the user's session properties.
     * 
     * @param session Single sign-on session.
     * @param hostEntityID <code>EntityID</code> of the hosted entity.
     * @param remoteEntityID <code>EntityID</code> of the remote entity.
     * @param realm name of the realm.
     * @return the mapped attributes, or <code>null</code> when the session is
     *         invalid or no attribute map is configured.
     * @exception SAML2Exception if any failure.
     */
public List getAttributes(Object session, String hostEntityID, String remoteEntityID, String realm) throws SAML2Exception {
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        // NOTE(review): reuses the nullHostEntityID message for a null realm; looks like a
        // copy-paste — confirm the intended bundle key before changing it.
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (session == null) {
        throw new SAML2Exception(bundle.getString("nullSSOToken"));
    }
    try {
        // An invalid session yields null rather than an exception; callers must handle null.
        if (!SessionManager.getProvider().isValid(session)) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultLibraryIDPAttributeMapper." + "getAttributes: Invalid session");
            }
            return null;
        }
        // Remote SP map takes precedence; the hosted IDP map is the fallback.
        Map<String, String> configMap = getConfigAttributeMap(realm, remoteEntityID, SP);
        if (debug.messageEnabled()) {
            debug.message("DefaultLibraryIDPAttributeMapper." + "getAttributes: remote SP attribute map = " + configMap);
        }
        if (configMap == null || configMap.isEmpty()) {
            configMap = getConfigAttributeMap(realm, hostEntityID, IDP);
            if (configMap == null || configMap.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultLibraryIDPAttributeMapper." + "getAttributes: Configuration map is not defined.");
                }
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message("DefaultLibraryIDPAttributeMapper." + "getAttributes: hosted IDP attribute map=" + configMap);
            }
        }
        List<Attribute> attributes = new ArrayList<Attribute>();
        // Both value maps stay null when the data store is skipped or fails; the loop below
        // then falls back to session properties.
        Map<String, Set<String>> stringValueMap = null;
        Map<String, byte[][]> binaryValueMap = null;
        if (!isDynamicalOrIgnoredProfile(realm)) {
            try {
                // Resolve attributes to be read from the datastore.
                Set<String> stringAttributes = new HashSet<String>(configMap.size());
                Set<String> binaryAttributes = new HashSet<String>(configMap.size());
                for (String localAttribute : configMap.values()) {
                    if (isStaticAttributeValue(localAttribute)) {
                    // skip over, handled directly in next step
                    } else if (isBinaryAttributeValue(localAttribute)) {
                        // add it to the list of attributes to treat as being binary
                        binaryAttributes.add(removeBinaryFlag(localAttribute));
                    } else {
                        stringAttributes.add(localAttribute);
                    }
                }
                if (!stringAttributes.isEmpty()) {
                    stringValueMap = dsProvider.getAttributes(SessionManager.getProvider().getPrincipalName(session), stringAttributes);
                }
                if (!binaryAttributes.isEmpty()) {
                    binaryValueMap = dsProvider.getBinaryAttributes(SessionManager.getProvider().getPrincipalName(session), binaryAttributes);
                }
            } catch (DataStoreProviderException dse) {
                // A data-store failure is downgraded to a warning, not surfaced to the caller.
                if (debug.warningEnabled()) {
                    debug.warning("DefaultLibraryIDPAttributeMapper." + "getAttributes:", dse);
                }
            //continue to check in ssotoken.
            }
        }
        for (Map.Entry<String, String> entry : configMap.entrySet()) {
            String samlAttribute = entry.getKey();
            String localAttribute = entry.getValue();
            String nameFormat = null;
            // check if samlAttribute has format nameFormat|samlAttribute
            // (only the first two '|'-separated tokens are used; any further tokens are dropped)
            StringTokenizer tokenizer = new StringTokenizer(samlAttribute, "|");
            if (tokenizer.countTokens() > 1) {
                nameFormat = tokenizer.nextToken();
                samlAttribute = tokenizer.nextToken();
            }
            Set<String> attributeValues = null;
            if (isStaticAttributeValue(localAttribute)) {
                localAttribute = removeStaticFlag(localAttribute);
                // Remove the static flag before using it as the static value
                attributeValues = CollectionUtils.asSet(localAttribute);
                if (debug.messageEnabled()) {
                    debug.message("DefaultLibraryIDPAttributeMapper." + "getAttribute: adding static " + "value " + localAttribute + " for attribute named " + samlAttribute);
                }
            } else {
                if (isBinaryAttributeValue(localAttribute)) {
                    // Remove the flag as not used for lookup
                    localAttribute = removeBinaryFlag(localAttribute);
                    attributeValues = getBinaryAttributeValues(samlAttribute, localAttribute, binaryValueMap);
                } else {
                    if (stringValueMap != null && !stringValueMap.isEmpty()) {
                        attributeValues = stringValueMap.get(localAttribute);
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("DefaultLibraryIDPAttributeMapper." + "getAttribute: " + localAttribute + " string value map was empty or null");
                        }
                    }
                }
                // If all else fails, try to get the value from the users ssoToken.
                // The session property read here is named by the local attribute, so the
                // configured attribute map alone decides which session properties can end up
                // in the assertion.
                if (attributeValues == null || attributeValues.isEmpty()) {
                    if (debug.messageEnabled()) {
                        debug.message("DefaultLibraryIDPAttributeMapper." + "getAttribute: user profile does not have " + "value for " + localAttribute + ", checking SSOToken");
                    }
                    attributeValues = CollectionUtils.asSet(SessionManager.getProvider().getProperty(session, localAttribute));
                }
            }
            if (attributeValues == null || attributeValues.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultLibraryIDPAttributeMapper.getAttribute: " + "user profile does not have a value for " + localAttribute);
                }
            } else {
                attributes.add(getSAMLAttribute(samlAttribute, nameFormat, attributeValues, hostEntityID, remoteEntityID, realm));
            }
        }
        return attributes;
    } catch (SessionException se) {
        // Session-layer failures are escalated, unlike data-store failures above.
        debug.error("DefaultLibraryIDPAttribute.getAttributes: ", se);
        throw new SAML2Exception(se);
    }
}

Example 32 with DataStoreProviderException

use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentityFromDataStoreX509Subject.

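/**
 * Resolves the data-store user ID for an {@code AttributeQuery} whose subject
 * NameID carries an X.509 subject DN.
 * <p>
 * An encrypted subject is decrypted with the attribute authority's decryption
 * keys for the realm. The DN is then looked up against the data-store attribute
 * named by the attribute authority's {@code X509_SUBJECT_DATA_STORE_ATTR_NAME}
 * configuration.
 *
 * @param attrQuery the attribute query carrying the subject
 * @param attrAuthorityEntityID entity ID of the hosted attribute authority
 * @param realm name of the realm
 * @return the user ID returned by the data-store provider
 * @throws SAML2Exception if the subject has no NameID or its format is not
 *         X.509-subject, if the mapping attribute is not configured, or if the
 *         data-store lookup fails
 */
public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    EncryptedID encryptedID = subject.getEncryptedID();
    NameID nameID;
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    // A subject with neither a NameID nor an EncryptedID is rejected as unsupported
    // instead of being dereferenced (the previous code threw a NullPointerException here).
    if (nameID == null || !SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
    if (mappingAttrName == null || mappingAttrName.isEmpty()) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
    }
    String x509SubjectDN = nameID.getValue();
    // Provider search map: attribute name -> set of values to match.
    Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
    Set<String> values = new HashSet<String>();
    values.add(x509SubjectDN);
    attrMap.put(mappingAttrName, values);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
    }
    try {
        return dsProvider.getUserID(realm, attrMap);
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
        // Keep the cause attached (the previous code forwarded only the message text),
        // so the underlying data-store failure stays diagnosable from the SAML2Exception.
        throw new SAML2Exception(dse);
    }
}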

Example 33 with DataStoreProviderException

use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentity.

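/**
 * Resolves the data-store user ID for the subject of an {@code AttributeQuery}.
 * <p>
 * Resolution depends on the NameID format:
 * <ul>
 * <li>transient: looked up in {@code IDPCache.userIDByTransientNameIDValue};</li>
 * <li>unspecified: searched in the data store by the attribute mapped for that
 *     format in the hosted IDP's {@code NAME_ID_FORMAT_MAP} (default {@code uid});</li>
 * <li>anything else: searched by the NameID key map for the requesting entity.</li>
 * </ul>
 *
 * @param attrQuery the attribute query carrying the subject and issuer
 * @param attrAuthorityEntityID entity ID of the hosted attribute authority
 * @param realm name of the realm
 * @return the resolved user ID, or {@code null} when a transient NameID is not
 *         in the cache or the data-store provider finds no user
 * @throws SAML2Exception if the subject has no NameID, the hosted IDP
 *         configuration cannot be read, or the data-store lookup fails
 */
public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    EncryptedID encryptedID = subject.getEncryptedID();
    NameID nameID;
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    if (nameID == null) {
        // Nothing to look up; reject instead of dereferencing null (the previous code threw NPE here).
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String nameIDFormat = nameID.getFormat();
    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        // Transient NameIDs are only resolvable while the IDP cache still holds them.
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    }
    if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        return getIdentityForUnspecifiedFormat(nameID, nameIDFormat, attrAuthorityEntityID, realm);
    }
    String requestedEntityID = attrQuery.getIssuer().getValue();
    try {
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
    } catch (DataStoreProviderException dse) {
        // Log under the real method name (the previous message named a non-existent
        // "getIdentityFromDataStore") and keep the cause attached for diagnosis.
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentity:", dse);
        throw new SAML2Exception(dse);
    }
}

/**
 * Searches the data store for a user whose mapped "unspecified"-format attribute
 * equals the NameID value.
 *
 * @param nameID the subject NameID (non-null)
 * @param nameIDFormat the NameID format string used to select the mapping entry
 * @param attrAuthorityEntityID entity ID of the hosted attribute authority
 * @param realm name of the realm
 * @return the user ID returned by the data-store provider
 * @throws SAML2Exception if the IDP configuration cannot be read or the lookup fails
 */
private static String getIdentityForUnspecifiedFormat(NameID nameID, String nameIDFormat, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    String userIdAttribute = resolveUnspecifiedNameIDAttribute(nameIDFormat, attrAuthorityEntityID, realm);
    Set<String> userIDValuesSet = new HashSet<String>();
    userIDValuesSet.add(nameID.getValue());
    Map<String, Set<String>> userIDsSearchMap = new HashMap<String, Set<String>>();
    userIDsSearchMap.put(userIdAttribute, userIDValuesSet);
    try {
        return dsProvider.getUserID(realm, userIDsSearchMap);
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentity:", dse);
        throw new SAML2Exception(dse);
    }
}

/**
 * Reads the hosted IDP's {@code NAME_ID_FORMAT_MAP} ({@code <format>=<attribute>}
 * entries) and returns the attribute mapped for {@code nameIDFormat}.
 *
 * @param nameIDFormat the NameID format whose mapping is wanted
 * @param attrAuthorityEntityID entity ID of the hosted attribute authority
 * @param realm name of the realm
 * @return the mapped data-store attribute, or {@code "uid"} when the map is
 *         absent or holds no usable entry for the format
 * @throws SAML2Exception if the IDP SSO configuration cannot be read
 */
private static String resolveUnspecifiedNameIDAttribute(String nameIDFormat, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    String userId = "uid";
    IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
    Map attrs = SAML2MetaUtils.getAttributes(config);
    List nimAttrs = (attrs == null) ? null : (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
    if (nimAttrs == null) {
        // No format map configured: use the default attribute (the previous code threw NPE here).
        return userId;
    }
    for (Object item : nimAttrs) {
        String attrName = (String) item;
        if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
            int eqPos = attrName.indexOf('=');
            // Bound kept from the original: at least two characters must follow '='.
            if (eqPos != -1 && eqPos < attrName.length() - 2) {
                userId = attrName.substring(eqPos + 1);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                }
                break;
            }
        }
    }
    return userId;
}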

Example 34 with DataStoreProviderException

use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.

the class AttributeQueryUtil method getUserAttributes.

/**
 * Builds the SAML attributes to return for {@code userId} in response to an
 * attribute query.
 * <p>
 * The SAML-to-local attribute map of the requesting SP is used when present,
 * otherwise the hosted IDP's map. Local values are read from the data store in
 * one call; a data-store failure is logged as a warning and treated as "no
 * values", so the result is then an empty list.
 *
 * @param userId data-store user identifier
 * @param attrQuery the attribute query (its issuer selects the SP map)
 * @param attrAuthorityEntityID entity ID of the hosted attribute authority
 * @param realm name of the realm
 * @return the list of {@code Attribute}s with at least one value, or
 *         {@code null} when no attribute map is configured
 * @throws SAML2Exception if building an attribute fails
 */
public static List getUserAttributes(String userId, AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    String requestedEntityID = attrQuery.getIssuer().getValue();
    Map configMap = SAML2Utils.getConfigAttributeMap(realm, requestedEntityID, SAML2Constants.SP_ROLE);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes: " + "remote SP attribute map = " + configMap);
    }
    boolean spMapMissing = (configMap == null) || configMap.isEmpty();
    if (spMapMissing) {
        configMap = SAML2Utils.getConfigAttributeMap(realm, attrAuthorityEntityID, SAML2Constants.IDP_ROLE);
        boolean idpMapMissing = (configMap == null) || configMap.isEmpty();
        if (idpMapMissing) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes:" + "Configuration map is not defined.");
            }
            return null;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes: " + "hosted IDP attribute map=" + configMap);
        }
    }
    Map valueMap = readLocalAttributeValues(userId, new HashSet(configMap.values()));
    List attributes = new ArrayList();
    for (Object mapping : configMap.entrySet()) {
        Map.Entry entry = (Map.Entry) mapping;
        String samlAttribute = (String) entry.getKey();
        String localAttribute = (String) entry.getValue();
        String[] localAttributeValues = valuesAsArray(valueMap, localAttribute);
        boolean noValues = (localAttributeValues == null) || (localAttributeValues.length == 0);
        if (noValues) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes:" + " user does not have " + localAttribute);
            }
            continue;
        }
        attributes.add(SAML2Utils.getSAMLAttribute(samlAttribute, localAttributeValues));
    }
    return attributes;
}

/**
 * Fetches the given local attributes for the user from the data store.
 *
 * @param userId data-store user identifier
 * @param localAttributes names of the local attributes to read
 * @return the provider's attribute-to-values map, or {@code null} when the
 *         provider throws (the failure is logged as a warning)
 */
private static Map readLocalAttributeValues(String userId, Set localAttributes) {
    try {
        return dsProvider.getAttributes(userId, localAttributes);
    } catch (DataStoreProviderException dse) {
        if (SAML2Utils.debug.warningEnabled()) {
            SAML2Utils.debug.warning("AttributeQueryUtil.getUserAttributes:", dse);
        }
        return null;
    }
}

/**
 * Extracts the values of one local attribute from the provider map as an array.
 *
 * @param valueMap the provider's attribute-to-values map, possibly null or empty
 * @param localAttribute the local attribute name
 * @return the values, or {@code null} when the map is unusable or holds no
 *         values for the attribute
 */
private static String[] valuesAsArray(Map valueMap, String localAttribute) {
    if ((valueMap == null) || valueMap.isEmpty()) {
        return null;
    }
    Set values = (Set) valueMap.get(localAttribute);
    if ((values == null) || values.isEmpty()) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes:" + " user profile does not have value for " + localAttribute);
        }
        return null;
    }
    return (String[]) values.toArray(new String[values.size()]);
}

Example 35 with DataStoreProviderException

use of com.sun.identity.plugin.datastore.DataStoreProviderException in project OpenAM by OpenRock.

the class AccountUtils method removeAccountFederation.

/**
     * Removes the account federation of a user.
     * <p>
     * Both the NameIDInfo attribute and the NameIDInfoKey attribute of the user
     * are read, the entries matching {@code info} are dropped, and the reduced
     * sets are written back in a single data-store update.
     *
     * @param info <code>NameIDInfo</code> object.
     * @param userID user identifier for which the account federation is to
     *               be removed.
     * @return true if the account federation is removed successfully; false
     *         when the user has no federation info or none matching
     *         <code>info</code>.
     * @exception WSFederationException if any failure, including a null
     *            <code>info</code> or <code>userID</code>.
     */
public static boolean removeAccountFederation(NameIDInfo info, String userID) throws WSFederationException {
    final String classMethod = "AccountUtils.removeAccountFederation: ";
    WSFederationUtils.debug.message(classMethod);
    if (info == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullNameIDInfo"));
    }
    if (userID == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
    }
    try {
        Set existingFed = WSFederationUtils.dsProvider.getAttribute(userID, getNameIDInfoAttribute());
        Set existingInfoKey = WSFederationUtils.dsProvider.getAttribute(userID, getNameIDInfoKeyAttribute());
        boolean hasFederations = (existingFed != null) && !existingFed.isEmpty();
        if (!hasFederations) {
            if (WSFederationUtils.debug.messageEnabled()) {
                WSFederationUtils.debug.message(classMethod + "user does not have account federation infos.");
            }
            return false;
        }
        String infoValue = info.toValueString();
        String infoKeyValue = info.getNameIDInfoKey().toValueString();
        if (WSFederationUtils.debug.messageEnabled()) {
            WSFederationUtils.debug.message(classMethod + "info to be removed:" + infoValue + "user=" + userID + "infoKeyValue = " + infoKeyValue);
        }
        if (!existingFed.contains(infoValue)) {
            if (WSFederationUtils.debug.messageEnabled()) {
                WSFederationUtils.debug.message(classMethod + "account federation info not found.");
            }
            return false;
        }
        existingFed.remove(infoValue);
        if (existingInfoKey != null) {
            // Set.remove is a no-op when the key is absent, so no contains() check is needed.
            existingInfoKey.remove(infoKeyValue);
        }
        // Write both reduced sets back together; existingInfoKey may be null here,
        // exactly as in the original, and is stored as such.
        Map updates = new HashMap();
        updates.put(getNameIDInfoAttribute(), existingFed);
        updates.put(getNameIDInfoKeyAttribute(), existingInfoKey);
        WSFederationUtils.dsProvider.setAttributes(userID, updates);
        return true;
    } catch (DataStoreProviderException dse) {
        WSFederationUtils.debug.error(classMethod + "DataStoreProviderException", dse);
        throw new WSFederationException(dse);
    } catch (SAML2Exception se) {
        WSFederationUtils.debug.error(classMethod + "SAML2Exception", se);
        throw new WSFederationException(se);
    }
}
