
Example 6 with Attribute

use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.

Class FSAttributeStatementHelper, method getAutoFedAttributeStatement.

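/**
 * Builds a SAML {@code AttributeStatement} carrying the hosted provider's
 * auto-federation attribute for the current user.
 * <p>
 * The local attribute name is read from the IDP descriptor configuration of
 * {@code entityID} in {@code realm} (key
 * {@code IFSConstants.AUTO_FEDERATION_ATTRIBUTE}); the user's values for that
 * attribute are then read from the IDFF data store provider and emitted under
 * the fixed SAML attribute name {@code IFSConstants.AUTO_FED_ATTR}.
 * <p>
 * Security note: the remote provider uses this value to link (auto-federate)
 * the asserted user to one of its own accounts. The configured local
 * attribute should therefore be one end users cannot edit for themselves; a
 * user who can set their own value could be federated to somebody else's
 * account on the remote side. This method performs no such check -- it
 * emits whatever the data store returns.
 *
 * @param realm    realm under which the hosted entity resides
 * @param entityID hosted provider's entity ID
 * @param sub      Liberty subject the statement is made about
 * @param ssoToken user session the principal name is resolved from
 * @return the generated statement, or {@code null} when no auto-federation
 *         attribute is configured or the user has no value for it
 * @exception FSException if metadata, session or data store access fails,
 *            or the SAML objects cannot be constructed
 */
public static AttributeStatement getAutoFedAttributeStatement(String realm, String entityID, FSSubject sub, Object ssoToken) throws FSException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType hostConfig = null;
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
        }
    } catch (IDFFMetaException fae) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: IDFFMetaException ", fae);
        throw new FSException(fae);
    }
    // hostConfig is still null when there is no meta manager; the config
    // helper is relied on to treat that as "not configured" -- TODO confirm.
    String autoFedAttr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE);
    if (autoFedAttr == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAttributeStatementHelper.getAutoFed:" + "AttributeStatement: AutoFederate Attribute is null");
        }
        return null;
    }
    List values = new ArrayList();
    try {
        String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        DataStoreProvider provider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set vals = provider.getAttribute(userID, autoFedAttr);
        // A provider that reports "no such attribute" as null rather than an
        // empty set used to NPE on iterator(); treat it as "no values".
        if (vals != null) {
            for (Iterator iter = vals.iterator(); iter.hasNext(); ) {
                values.add(getAttributeValue((String) iter.next()));
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SessionException ", se);
        throw new FSException(se);
    } catch (DataStoreProviderException ie) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: DataStoreProviderException ", ie);
        throw new FSException(ie);
    }
    // values is never null here; the former null test was dead code.
    if (values.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAtributeStatementHelper.getAuto:" + "FedAttributeStatement. No values for autofed attribute");
        }
        return null;
    }
    try {
        Attribute attribute = new Attribute(IFSConstants.AUTO_FED_ATTR, IFSConstants.assertionSAMLNameSpaceURI, values);
        List attributeList = new ArrayList();
        attributeList.add(attribute);
        return new AttributeStatement(sub, attributeList);
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SAMLException ", ex);
        throw new FSException(ex);
    }
}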

Example 7 with Attribute

use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.

Class DefaultSiteAttributeMapper, method getAttributes.

/**
 * Builds the SAML {@code Attribute}s for the user from the site-wide
 * attribute map ({@code SAMLConstants.ATTRIBUTE_MAP}). Each map key is a
 * SAML attribute name, optionally written as {@code namespace|name}; keys
 * with more than one {@code |} are logged and skipped. Each map value is the
 * local attribute the SAML attribute is populated from.
 * <p>
 * Values come first from the user's data store profile and, when the profile
 * holds none (or the data store lookup failed), from the session properties
 * of {@code token}. A data store failure is logged at warning level and does
 * not abort the mapping.
 * <p>
 * Security notes: the values end up in an assertion consumed by a partner
 * site, so the local attributes named in the map should be ones users cannot
 * set for themselves -- including through session properties, if those are
 * client-settable in this deployment (verify). The debug line written when
 * an attribute is added prints the array's identity rather than its
 * contents, so attribute values are not written to the debug log.
 *
 * @param token     user's session
 * @param request   current request; may be null and is not consulted here
 * @param response  current response; may be null and is not consulted here
 * @param targetURL TARGET query parameter value; may be null and is not
 *                  consulted here
 * @return list of {@code Attribute} objects (class
 *         {@code com.sun.identity.saml.assertion.Attribute}), or null when
 *         the map is empty or no attribute could be populated
 * @throws SAMLException declared for implementors; not thrown by this
 *         implementation itself
 */
public List getAttributes(Object token, HttpServletRequest request, HttpServletResponse response, String targetURL) throws SAMLException {
    Map mapping = (Map) SAMLServiceManager.getAttribute(SAMLConstants.ATTRIBUTE_MAP);
    if (mapping == null || mapping.isEmpty()) {
        return null;
    }
    Set wantedLocalNames = new HashSet(mapping.values());
    Map profileValues = null;
    try {
        DataStoreProvider store = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
        String principal = SessionManager.getProvider().getPrincipalName(token);
        profileValues = store.getAttributes(principal, wantedLocalNames);
    } catch (Exception ex) {
        // best effort: every attribute falls back to the session lookup below
        if (SAMLUtils.debug.warningEnabled()) {
            SAMLUtils.debug.warning("DefaultSiteAttributeMapper." + "getAttributes:", ex);
        }
    }
    boolean haveProfile = (profileValues != null) && !profileValues.isEmpty();
    List result = null;
    for (Iterator names = mapping.keySet().iterator(); names.hasNext(); ) {
        String samlName = (String) names.next();
        String localName = (String) mapping.get(samlName);
        StringTokenizer parts = new StringTokenizer(samlName, "|");
        String namespace;
        switch (parts.countTokens()) {
            case 1:
                namespace = SAMLConstants.assertionSAMLNameSpaceURI;
                break;
            case 2:
                namespace = parts.nextToken();
                samlName = parts.nextToken();
                break;
            default:
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: invalid saml attribute in attribute " + " map. saml attribute = " + samlName + ", the " + " syntax is namespace|attrName.");
                }
                continue;
        }
        String[] localValues = null;
        if (haveProfile) {
            Set fromProfile = (Set) profileValues.get(localName);
            if (fromProfile != null && !fromProfile.isEmpty()) {
                localValues = (String[]) fromProfile.toArray(new String[fromProfile.size()]);
            } else if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: user profile does not have " + "value for " + localName + " but is going to check ssotoken:");
            }
        }
        if (localValues == null) {
            // second source: session properties
            try {
                localValues = SessionManager.getProvider().getProperty(token, localName);
            } catch (SessionException ex) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute:", ex);
                }
            }
        }
        if (localValues == null || localValues.length == 0) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: user does not have " + localName);
            }
            continue;
        }
        Attribute mapped = getSAMLAttribute(samlName, namespace, localValues);
        if (mapped == null) {
            continue;
        }
        if (result == null) {
            result = new ArrayList();
        }
        result.add(mapped);
        if (SAMLUtils.debug.messageEnabled()) {
            // localValues is an array: this prints its identity, not the values
            SAMLUtils.debug.message("DefaultSiteAttributeMapper." + "getAttribute: add atttribute = " + samlName + ", attrNamespace = " + namespace + ", values = " + localValues);
        }
    }
    return result;
}

Example 8 with Attribute

use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.

Class AssertionManagerClient, method createAssertion.

/**
 * Creates an assertion holding an authentication statement for {@code token}
 * and, when {@code attributes} is non-empty, an attribute statement built
 * from them.
 * <p>
 * With {@code useLocal} set the call is delegated to the in-process
 * {@code assertionManager}. Otherwise each attribute is serialised to XML
 * ({@code toString(true, true)}) and sent together with the session ID to
 * the remote assertion manager through {@code stub}; the XML string it
 * returns is parsed back into an {@code Assertion}.
 * <p>
 * Review notes: the reply is parsed with {@code XMLUtils.toDOMDocument};
 * whether that parser has DTD and external-entity resolution disabled is not
 * visible here -- confirm, since the document comes from a network peer.
 * Any failure is rethrown as a {@code SAMLException} carrying only the
 * original message, so the underlying cause and its stack trace are
 * available only in the warning log.
 *
 * @param token      user session providing the authentication information
 * @param attributes {@code Attribute} objects for the attribute statement;
 *                   null or empty falls back to {@code createAssertion(token)}
 * @return the created assertion
 * @throws SAMLException if the assertion cannot be created
 */
public Assertion createAssertion(Object token, List attributes) throws SAMLException {
    if (useLocal) {
        return assertionManager.createAssertion(token, attributes);
    }
    boolean noAttributes = (attributes == null) || attributes.isEmpty();
    if (noAttributes) {
        return createAssertion(token);
    }
    try {
        List serialized = new LinkedList();
        Iterator it = attributes.iterator();
        while (it.hasNext()) {
            Attribute next = (Attribute) it.next();
            serialized.add(next.toString(true, true));
        }
        SessionProvider sessions = SessionManager.getProvider();
        Object[] rpcArgs = { sessions.getSessionID(token), serialized };
        String xml = (String) stub.send("createAssertion2", rpcArgs, null, null);
        return new Assertion(XMLUtils.toDOMDocument(xml, SAMLUtils.debug).getDocumentElement());
    } catch (Exception re) {
        if (SAMLUtils.debug.warningEnabled()) {
            SAMLUtils.debug.warning("AMC:createAssertion(SSO, attrs)", re);
        }
        // only the message survives; the cause is dropped here
        throw new SAMLException(re.getMessage());
    }
}

Example 9 with Attribute

use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.

Class SAMLUtils, method addEnvParamsFromAssertion.

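/**
 * Copies the simple-valued attributes found in the assertion's
 * {@code AttributeStatement}s into {@code envParameters}, keyed by attribute
 * name with a {@code String[]} of values.
 * <p>
 * Only statements whose subject equals {@code subject} (the subject of the
 * authentication statement) are consulted, so attributes asserted about a
 * different principal cannot end up in this user's environment. Of each
 * attribute only the {@code AttributeValue} elements without child elements
 * are taken (as their text content); structured values are skipped. The map
 * key is the bare attribute name without its namespace, so two attributes
 * that differ only by namespace overwrite one another and the later one
 * wins.
 * <p>
 * Everything is best effort: a value that cannot be read, or a map that
 * rejects the put, is logged and that attribute is skipped. Attribute
 * values are written to the debug log when message logging is enabled.
 *
 * @param envParameters map that receives name -> {@code String[]} entries
 * @param assertion     assertion whose attribute statements are read
 * @param subject       subject the attribute statements must match; must be
 *                      non-null
 */
public static void addEnvParamsFromAssertion(Map envParameters, Assertion assertion, com.sun.identity.saml.assertion.Subject subject) {
    Set statements = assertion.getStatement();
    if (statements == null || statements.isEmpty()) {
        return;
    }
    for (Iterator stmtIter = statements.iterator(); stmtIter.hasNext(); ) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() != Statement.ATTRIBUTE_STATEMENT) {
            continue;
        }
        AttributeStatement attrStatement = (AttributeStatement) statement;
        // Subject check: never take attributes asserted about another principal.
        if (!subject.equals(attrStatement.getSubject())) {
            continue;
        }
        List attrs = attrStatement.getAttribute();
        if (attrs == null) {
            // nothing to copy; formerly an NPE on iterator()
            continue;
        }
        for (Iterator attrIter = attrs.iterator(); attrIter.hasNext(); ) {
            Attribute attribute = (Attribute) attrIter.next();
            List attrValues;
            try {
                attrValues = attribute.getAttributeValue();
            } catch (Exception e) {
                debug.error("SAMLUtils.addEnvParamsFromAssertion:" + " cannot obtain attribute value:", e);
                continue;
            }
            String attrName = attribute.getAttributeName();
            List attrValueList = null;
            if (attrValues != null) {
                for (Iterator avIter = attrValues.iterator(); avIter.hasNext(); ) {
                    Element attrValue = (Element) avIter.next();
                    // only text-only values are copied; nested XML is ignored
                    if (!XMLUtils.hasElementChild(attrValue)) {
                        if (attrValueList == null) {
                            attrValueList = new ArrayList();
                        }
                        attrValueList.add(XMLUtils.getElementValue(attrValue));
                    }
                }
            }
            if (attrValueList == null) {
                if (debug.messageEnabled()) {
                    debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " has no value");
                }
                continue;
            }
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " attrValue = " + attrValueList);
            }
            String[] attrValueStrs = (String[]) attrValueList.toArray(new String[attrValueList.size()]);
            try {
                envParameters.put(attrName, attrValueStrs);
            } catch (Exception ex) {
                // e.g. an unmodifiable or null map: skip this attribute
                if (debug.messageEnabled()) {
                    debug.message("SAMLUtils.addEnvParamsFromAssertion:", ex);
                }
            }
        }
    }
}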

Example 10 with Attribute

use of com.sun.identity.saml.assertion.Attribute in project OpenAM by OpenRock.

Class FSDefaultRealmAttributePlugin, method getAttributeStatements.

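/**
 * Returns the list of {@code AttributeStatement}s for the principal, built
 * from the attribute map ({@code IFSConstants.IDP_ATTRIBUTE_MAP}) configured
 * on the hosted IDP descriptor of {@code hostEntityId} in {@code realm}.
 * Each map key is the SAML attribute name and each value the local attribute
 * it is filled from; a local attribute with no value is left out. The map is
 * per hosted IDP -- {@code remoteEntityID} is not consulted, so every remote
 * provider receives the same set of attributes.
 * <p>
 * Security note: when message logging is enabled the complete attribute
 * statement, including the user's attribute values, is written to the debug
 * log.
 *
 * @param realm          realm under which the entity resides
 * @param hostEntityId   hosted identity provider entity ID
 * @param remoteEntityID remote provider's entity ID (currently unused)
 * @param subject        subject of the authenticated principal
 * @param token          user's session
 * @return a single-element list holding the statement; null when the
 *         metadata cannot be read or no map is configured; an empty list
 *         when the SAML objects cannot be built
 */
public List getAttributeStatements(String realm, String hostEntityId, String remoteEntityID, FSSubject subject, Object token) {
    FSUtils.debug.message("FSDefaultAttributePlugin.getAttributeStatements");
    Map attributeMap = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
            if (idpConfig != null) {
                Map attributes = IDFFMetaUtils.getAttributes(idpConfig);
                // A config without any attributes reads as "no map" rather than NPE.
                if (attributes != null) {
                    attributeMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.IDP_ATTRIBUTE_MAP));
                }
            }
        }
    } catch (IDFFMetaException me) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: meta exception.", me);
        return null;
    }
    if (attributeMap == null || attributeMap.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration is empty.");
        }
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration: " + attributeMap);
    }
    List statements = new ArrayList();
    List attributes = new ArrayList();
    try {
        for (Iterator iter = attributeMap.entrySet().iterator(); iter.hasNext(); ) {
            Map.Entry entry = (Map.Entry) iter.next();
            String attributeName = (String) entry.getKey();
            // single-valued: one local value per SAML attribute
            String attributeValue = getAttributeValue(token, (String) entry.getValue());
            if (attributeValue != null) {
                attributes.add(new Attribute(attributeName, SAMLConstants.assertionSAMLNameSpaceURI, attributeValue));
            }
        }
        AttributeStatement statement = new AttributeStatement(subject, attributes);
        if (FSUtils.debug.messageEnabled()) {
            // logs user attribute values
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: attribute statement: " + statement.toString());
        }
        statements.add(statement);
        return statements;
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: SAML Exception", ex);
    }
    return new ArrayList();
}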
