Example 1 with Attribute
use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.
the class FSAttributeStatementHelper method getAutoFedAttributeStatement.
/**
* Gets a SAML <code>AttributeStatement</code> by using an
* <code>AutoFederate</code> attribute that is configured in Local Provider.
* @param realm The realm under which the entity resides.
* @param entityID Host Provider's entity ID.
* @param sub Liberty Subject.
* @param ssoToken session of the user
* @return Generated Auto Federate Attribute Statement.
* @exception FSException if an error occurred
*/
public static AttributeStatement getAutoFedAttributeStatement(String realm, String entityID, FSSubject sub, Object ssoToken) throws FSException {
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
BaseConfigType hostConfig = null;
try {
if (metaManager != null) {
hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
}
} catch (IDFFMetaException fae) {
FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: IDFFMetaException ", fae);
throw new FSException(fae);
}
String autoFedAttr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE);
if (autoFedAttr == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAttributeStatementHelper.getAutoFed:" + "AttributeStatement: AutoFederate Attribute is null");
}
return null;
}
List values = new ArrayList();
try {
String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
DataStoreProvider provider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
Set vals = provider.getAttribute(userID, autoFedAttr);
Iterator iter = vals.iterator();
while (iter.hasNext()) {
values.add(getAttributeValue((String) iter.next()));
}
} catch (SessionException se) {
FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SessionException ", se);
throw new FSException(se);
} catch (DataStoreProviderException ie) {
FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: DataStoreProviderException ", ie);
throw new FSException(ie);
}
if (values == null || values.size() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAtributeStatementHelper.getAuto:" + "FedAttributeStatement. No values for autofed attribute");
}
return null;
}
try {
Attribute attribute = new Attribute(IFSConstants.AUTO_FED_ATTR, IFSConstants.assertionSAMLNameSpaceURI, values);
List attributeList = new ArrayList();
attributeList.add(attribute);
return new AttributeStatement(sub, attributeList);
} catch (SAMLException ex) {
FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SAMLException ", ex);
throw new FSException(ex);
}
}
Also used :
DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException)
Set(java.util.Set)
Attribute(com.sun.identity.saml.assertion.Attribute)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
DataStoreProvider(com.sun.identity.plugin.datastore.DataStoreProvider)
ArrayList(java.util.ArrayList)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement)
FSException(com.sun.identity.federation.common.FSException)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 2 with Attribute
use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method checkForAttributeStatement.
/**
* Checks the attribute statement for boot strap statement or auto fed
* attribute statement.
* @param attrStatement AttributeStatement.
* @return true if the <code>AttributeStatement</code> is of type
* discovery boot strap or the auto federation statement.
*/
private boolean checkForAttributeStatement(AttributeStatement attrStatement) {
List attributes = attrStatement.getAttribute();
if (attributes == null || attributes.size() == 0) {
return false;
}
Iterator iter = attributes.iterator();
Attribute attribute = (Attribute) iter.next();
if (attribute.getAttributeName().equals(IFSConstants.DISCO_RESOURCE_OFFERING_NAME)) {
bootStrapStatement = attrStatement;
return true;
} else if (attribute.getAttributeName().equals(IFSConstants.AUTO_FED_ATTR)) {
_autoFedStatement = attrStatement;
List attrValue = null;
try {
attrValue = attribute.getAttributeValue();
} catch (SAMLException se) {
FSUtils.debug.error("FSAssertionArtifactHandler.checkFor" + "AttributeStatement: ", se);
}
String _autoFedValue = null;
if (attrValue != null && attrValue.size() != 0) {
Iterator iter2 = attrValue.iterator();
Element elem = (Element) iter2.next();
_autoFedValue = XMLUtils.getElementValue(elem);
}
String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
if (enabledStr != null && enabledStr.equalsIgnoreCase("true") && _autoFedValue != null) {
autoFedSearchMap = new HashMap();
Set set = new HashSet();
set.add(_autoFedValue);
autoFedSearchMap.put(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE), set);
}
return true;
}
return false;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
Attribute(com.sun.identity.saml.assertion.Attribute)
HashMap(java.util.HashMap)
Element(org.w3c.dom.Element)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAMLException(com.sun.identity.saml.common.SAMLException)
HashSet(java.util.HashSet)
Example 3 with Attribute
use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.
the class DefaultAttributeMapper method getAttributes.
/**
* This method first mapps the Subject in the query to a local site
* account using the AccountMapper defined in the SAML Service.
* The source ID is used to find the appropriate AccountMapper.
* It then calls the User Management API to obtain the attribute value
* using the Session and the attribute name in the AttributeDesignator(s)
* of the query. If there is no AttributeDesignator in the query,
* attributes of services specified as userServiceNameList in
* amSAML.properties will be returned.
* <p>
*
* @param query the <code>AttributeQuery</code> object.
* @param sourceID the Source Identifier.
* @param token User Session
* @throws SAMLException if there is an error.
*/
public List getAttributes(AttributeQuery query, String sourceID, Object token) throws SAMLException {
if ((query == null) || (sourceID == null) || (token == null)) {
SAMLUtils.debug.message("DefaultAttributeMapper: null input.");
throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
}
Map entries = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
SAMLServiceManager.SOAPEntry destSite = (SAMLServiceManager.SOAPEntry) entries.get(sourceID);
String name = null;
PartnerAccountMapper paMapper = destSite.getPartnerAccountMapper();
if (paMapper != null) {
Map map = paMapper.getUser(query, sourceID);
name = (String) map.get(PartnerAccountMapper.NAME);
}
if (name == null) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: couldn't " + "map the subject to a local user.");
}
throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
}
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("user=" + name);
}
// assume user in default root realm
DataStoreProvider provider = null;
try {
provider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
} catch (DataStoreProviderException de) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper.getAttribute:", de);
}
throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
}
List attributes = new ArrayList();
Attribute attribute = null;
List attrValues = null;
String attrValueString = null;
String attrName = null;
Set valueSet = null;
Iterator valueIter = null;
List designators = query.getAttributeDesignator();
if ((designators == null) || (designators.isEmpty())) {
String userAttrName = SystemConfigurationUtil.getProperty("userAttributeNameList");
if ((userAttrName == null) || (userAttrName.length() == 0)) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "userAttributeNameList is not defined " + "or empty.");
}
return attributes;
}
Set attrNames = new HashSet();
StringTokenizer stk = new StringTokenizer(userAttrName, ",");
while (stk.hasMoreTokens()) {
attrNames.add(stk.nextToken().trim());
}
Map valueMap = null;
try {
valueMap = provider.getAttributes(name, attrNames);
} catch (DataStoreProviderException ie) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
}
throw new SAMLException(ie.getMessage());
}
Set keySet = valueMap.keySet();
String keyName = null;
Iterator keyIter = keySet.iterator();
while (keyIter.hasNext()) {
keyName = (String) keyIter.next();
valueSet = (Set) valueMap.get(keyName);
valueIter = valueSet.iterator();
attrValues = new ArrayList();
while (valueIter.hasNext()) {
attrValueString = SAMLUtils.makeStartElementTagXML("AttributeValue", true, true) + ((String) valueIter.next()) + SAMLUtils.makeEndElementTagXML("AttributeValue", true);
attrValues.add(XMLUtils.toDOMDocument(attrValueString, SAMLUtils.debug).getDocumentElement());
}
if (!attrValues.isEmpty()) {
attribute = new Attribute(keyName, SAMLConstants.ATTR_NAME_SPACE, attrValues);
attributes.add(attribute);
}
}
} else {
Iterator iter = designators.iterator();
AttributeDesignator designator = null;
while (iter.hasNext()) {
designator = (AttributeDesignator) iter.next();
attrName = (String) designator.getAttributeName();
try {
valueSet = provider.getAttribute(name, attrName);
} catch (DataStoreProviderException ie) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
}
throw new SAMLException(ie.getMessage());
}
valueIter = valueSet.iterator();
attrValues = new ArrayList();
while (valueIter.hasNext()) {
attrValueString = SAMLUtils.makeStartElementTagXML("AttributeValue", true, true) + ((String) valueIter.next()) + SAMLUtils.makeEndElementTagXML("AttributeValue", true);
attrValues.add(XMLUtils.toDOMDocument(attrValueString, SAMLUtils.debug).getDocumentElement());
}
if (!attrValues.isEmpty()) {
attribute = new Attribute(attrName, designator.getAttributeNamespace(), attrValues);
attributes.add(attribute);
}
}
}
return attributes;
}
Also used :
DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException)
HashSet(java.util.HashSet)
Set(java.util.Set)
Attribute(com.sun.identity.saml.assertion.Attribute)
DataStoreProvider(com.sun.identity.plugin.datastore.DataStoreProvider)
ArrayList(java.util.ArrayList)
SAMLException(com.sun.identity.saml.common.SAMLException)
StringTokenizer(java.util.StringTokenizer)
AttributeDesignator(com.sun.identity.saml.assertion.AttributeDesignator)
Iterator(java.util.Iterator)
SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager)
ArrayList(java.util.ArrayList)
NodeList(org.w3c.dom.NodeList)
List(java.util.List)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 4 with Attribute
use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.
the class DefaultSiteAttributeMapper method getAttributes.
/**
* Returns <code>List</code> of <code>Attribute</code> objects
*
* @param token User's session.
* @param request The HttpServletRerquest object of the request which
* may contains query attributes to be included in the
* Assertion. This could be null if unavailable.
* @param response The HttpServletResponse object. This could be null
* if unavailable.
* @param targetURL value for TARGET query parameter when the user
* accessing the SAML aware servlet or post profile
* servlet. This could be null if unavailabl
* @return <code>List</code> if <code>Attribute</code> objects.
* <code>Attribute</code> is defined in the SAML SDK as part of
* <code>com.sun.identity.saml.assertion</code> package.
* @throws SAMLException if attributes cannot be obtained.
*/
public List getAttributes(Object token, HttpServletRequest request, HttpServletResponse response, String targetURL) throws SAMLException {
Map attrMap = (Map) SAMLServiceManager.getAttribute(SAMLConstants.ATTRIBUTE_MAP);
if ((attrMap == null) || (attrMap.isEmpty())) {
return null;
}
Set localAttrNames = new HashSet();
localAttrNames.addAll(attrMap.values());
Map localValueMap = null;
try {
DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
localValueMap = dsProvider.getAttributes(SessionManager.getProvider().getPrincipalName(token), localAttrNames);
} catch (Exception ex) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("DefaultSiteAttributeMapper." + "getAttributes:", ex);
}
}
List samlAttrs = null;
for (Iterator iter = attrMap.keySet().iterator(); iter.hasNext(); ) {
String samlAttrName = (String) iter.next();
String localAttrName = (String) attrMap.get(samlAttrName);
String attrNamespace = null;
StringTokenizer tokenizer = new StringTokenizer(samlAttrName, "|");
int tokenCount = tokenizer.countTokens();
if (tokenCount == 1) {
attrNamespace = SAMLConstants.assertionSAMLNameSpaceURI;
} else if (tokenCount == 2) {
attrNamespace = tokenizer.nextToken();
samlAttrName = tokenizer.nextToken();
} else {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: invalid saml attribute in attribute " + " map. saml attribute = " + samlAttrName + ", the " + " syntax is namespace|attrName.");
}
continue;
}
String[] localAttrValues = null;
if ((localValueMap != null) && (!localValueMap.isEmpty())) {
Set values = (Set) localValueMap.get(localAttrName);
if ((values == null) || (values.isEmpty())) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: user profile does not have " + "value for " + localAttrName + " but is going to check ssotoken:");
}
} else {
localAttrValues = (String[]) values.toArray(new String[values.size()]);
}
}
if (localAttrValues == null) {
try {
localAttrValues = SessionManager.getProvider().getProperty(token, localAttrName);
} catch (SessionException ex) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute:", ex);
}
}
}
if ((localAttrValues == null) || (localAttrValues.length == 0)) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: user does not have " + localAttrName);
}
} else {
Attribute samlAttr = getSAMLAttribute(samlAttrName, attrNamespace, localAttrValues);
if (samlAttr != null) {
if (samlAttrs == null) {
samlAttrs = new ArrayList();
}
samlAttrs.add(samlAttr);
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: add atttribute = " + samlAttrName + ", attrNamespace = " + attrNamespace + ", values = " + localAttrValues);
}
}
}
}
return samlAttrs;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
Attribute(com.sun.identity.saml.assertion.Attribute)
DataStoreProvider(com.sun.identity.plugin.datastore.DataStoreProvider)
ArrayList(java.util.ArrayList)
SessionException(com.sun.identity.plugin.session.SessionException)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
StringTokenizer(java.util.StringTokenizer)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
List(java.util.List)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 5 with Attribute
use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.
the class AssertionManagerClient method createAssertion.
/**
* Returns an assertion that contains an authentication and attribute
* statement.
* @param token User session that contains authentication
* information which is needed to create the authentication
* statement for the assertion.
* @param attributes A list of attribute objects which are used to create
* the attribute statement.
* @return The created assertion.
* @throws SAMLException If the Assertion cannot be created.
*/
public Assertion createAssertion(Object token, List attributes) throws SAMLException {
if (useLocal) {
return (assertionManager.createAssertion(token, attributes));
}
// Check for null or empty attributes
if (attributes == null || attributes.isEmpty())
return (createAssertion(token));
String assertion = null;
try {
List attrs = new LinkedList();
for (Iterator iter = attributes.iterator(); iter.hasNext(); ) {
Attribute attribute = (Attribute) iter.next();
attrs.add(attribute.toString(true, true));
}
SessionProvider sessionProvider = SessionManager.getProvider();
Object[] args = { sessionProvider.getSessionID(token), attrs };
assertion = (String) stub.send("createAssertion2", args, null, null);
return (new Assertion(XMLUtils.toDOMDocument(assertion, SAMLUtils.debug).getDocumentElement()));
} catch (Exception re) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("AMC:createAssertion(SSO, attrs)", re);
}
throw (new SAMLException(re.getMessage()));
}
}
Also used :
Attribute(com.sun.identity.saml.assertion.Attribute)
Assertion(com.sun.identity.saml.assertion.Assertion)
SAMLException(com.sun.identity.saml.common.SAMLException)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Aggregations
Attribute (com.sun.identity.saml.assertion.Attribute)14
SAMLException (com.sun.identity.saml.common.SAMLException)13
List (java.util.List)12
Iterator (java.util.Iterator)11
ArrayList (java.util.ArrayList)8
Map (java.util.Map)7
Set (java.util.Set)7
AttributeStatement (com.sun.identity.saml.assertion.AttributeStatement)6
HashSet (java.util.HashSet)6
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)5
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)5
SessionException (com.sun.identity.plugin.session.SessionException)5
HashMap (java.util.HashMap)4
DataStoreProvider (com.sun.identity.plugin.datastore.DataStoreProvider)3
IDPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)2
SPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)2
DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)2
SessionProvider (com.sun.identity.plugin.session.SessionProvider)2
Assertion (com.sun.identity.saml.assertion.Assertion)2
WSFederationException (com.sun.identity.wsfederation.common.WSFederationException)2
