
Example 11 with AttributeStatement

use of com.sun.identity.saml.assertion.AttributeStatement in project OpenAM by OpenRock.

From the class FSDefaultRealmAttributePlugin, method getAttributeStatements.

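/**
 * Returns list of <code>AttributeStatement</code>s by using attribute
 * map defined in the configuration.
 * <p>
 * The attribute map is read from the hosted IDP's descriptor configuration;
 * each entry's value is resolved against the user's session and entries that
 * resolve to {@code null} are skipped.
 *
 * @param realm The realm under which the entity resides.
 * @param hostEntityId Hosted identity provider entity id.
 * @param remoteEntityID Remote provider's entity id (not used by this implementation).
 * @param subject Subject subject of the authenticated principal.
 * @param token user's session.
 * @return list of SAML <code>AttributeStatement</code>s; {@code null} when the
 *         metadata cannot be read or the attribute map is empty, and an empty
 *         list when the statement could not be constructed.
 */
public List getAttributeStatements(String realm, String hostEntityId, String remoteEntityID, FSSubject subject, Object token) {
    FSUtils.debug.message("FSDefaultAttributePlugin.getAttributeStatements");
    Map attributeMap = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
            if (idpConfig != null) {
                Map attributes = IDFFMetaUtils.getAttributes(idpConfig);
                // Guard a missing attribute block so a misconfigured IDP is reported
                // as "attribute map is empty" below instead of a NullPointerException.
                if (attributes != null) {
                    attributeMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.IDP_ATTRIBUTE_MAP));
                }
            }
        }
    } catch (IDFFMetaException me) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: meta exception.", me);
        return null;
    }
    if (attributeMap == null || attributeMap.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration is empty.");
        }
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: Attribute map configuration: " + attributeMap);
    }
    List statements = new ArrayList();
    List attributes = new ArrayList();
    try {
        for (Iterator iter = attributeMap.entrySet().iterator(); iter.hasNext(); ) {
            Map.Entry entry = (Map.Entry) iter.next();
            String attributeName = (String) entry.getKey();
            // The map value names the session attribute the SAML attribute is filled from.
            String attributeValue = getAttributeValue(token, (String) entry.getValue());
            if (attributeValue != null) {
                attributes.add(new Attribute(attributeName, SAMLConstants.assertionSAMLNameSpaceURI, attributeValue));
            }
        }
        // NOTE(review): a statement is built even when no attribute resolved; if the
        // constructor rejects an empty attribute list, that surfaces as the
        // SAMLException handled below — confirm against AttributeStatement.
        AttributeStatement statement = new AttributeStatement(subject, attributes);
        if (FSUtils.debug.messageEnabled()) {
            // This debug line records the resolved attribute values taken from the user's session.
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Statements: attribute statement: " + statement.toString());
        }
        statements.add(statement);
        return statements;
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Statements: SAML Exception", ex);
    }
    return new ArrayList();
}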

Example 12 with AttributeStatement

use of com.sun.identity.saml.assertion.AttributeStatement in project OpenAM by OpenRock.

From the class LibSecurityTokenProvider, method getSAMLToken.

/**
 * Builds and signs the Security Assertion for the given sender.
 *
 * @param senderIdentity identity of the sender; must not be {@code null}.
 * @param invocatorSession session context; used for a session-context
 *        statement when no resource-access statement is requested.
 * @param resourceID the resource the assertion refers to.
 * @param includeAuthN whether an authentication statement is included.
 * @param includeResourceAccessStatement whether a resource-access statement is included.
 * @param recipientProviderID provider the assertion is addressed to; when
 *        non-null it becomes the assertion's audience restriction.
 * @param isBear passed through to the statement factories.
 * @return the signed assertion.
 * @throws SecurityTokenException if the sender is null, no statement was
 *         produced, or assertion construction or signing fails.
 */
private SecurityAssertion getSAMLToken(NameIdentifier senderIdentity, SessionContext invocatorSession, Object resourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID, boolean isBear) throws SecurityTokenException {
    if (debug.messageEnabled()) {
        debug.message("getSAMLToken: isBear = " + isBear);
    }
    if (senderIdentity == null) {
        debug.error("LibSecurityTokenProvider.getSAMLToken:senderIdentity is null");
        throw new SecurityTokenException(bundle.getString("nullSenderIdentity"));
    }
    Set samlStatements = new HashSet();
    if (includeAuthN) {
        samlStatements.add(createAuthenticationStatement(senderIdentity, isBear));
    }
    if (includeResourceAccessStatement) {
        samlStatements.add(createResourceAccessStatement(senderIdentity, invocatorSession, resourceID, isBear));
    } else if (invocatorSession != null) {
        samlStatements.add(createSessionContextStatement(senderIdentity, invocatorSession, isBear));
    }
    // An assertion with no statement at all is rejected outright.
    if (samlStatements.isEmpty()) {
        debug.error("getSAMLAuthorizationToken: SAML statement should " + "not be null.");
        throw new SecurityTokenException(bundle.getString("nullStatement"));
    }
    String issuer = DiscoServiceManager.getDiscoProviderID();
    // The attribute statement is optional. Note that this writes the
    // attributePlugin field of the enclosing instance, not a local.
    attributePlugin = getAttributePlugin();
    if (attributePlugin != null) {
        List pluginAttributes = attributePlugin.getAttributes(senderIdentity, resourceID, issuer);
        if (pluginAttributes != null && !pluginAttributes.isEmpty()) {
            AttributeStatement attrStatement = createAttributeStatement(senderIdentity, pluginAttributes, isBear);
            if (attrStatement != null) {
                samlStatements.add(attrStatement);
            }
        }
    }
    Date issueInstant = new Date();
    SecurityAssertion assertion;
    try {
        if (recipientProviderID == null) {
            // No recipient given: the assertion carries no audience restriction.
            assertion = new SecurityAssertion("", issuer, issueInstant, samlStatements);
        } else {
            List audience = new ArrayList();
            audience.add(recipientProviderID);
            AudienceRestrictionCondition audienceCondition = new AudienceRestrictionCondition(audience);
            Conditions conditions = new Conditions();
            conditions.addAudienceRestrictionCondition(audienceCondition);
            assertion = new SecurityAssertion("", issuer, issueInstant, conditions, samlStatements);
        }
        assertion.signXML(DEFAULT_TA_CERT_ALIAS_VALUE);
    } catch (Exception e) {
        // NOTE(review): the cause is logged but not chained into the thrown
        // exception — confirm whether SecurityTokenException accepts a cause.
        debug.error("getSAMLToken.signXML", e);
        throw new SecurityTokenException(bundle.getString("nullAssertion"));
    }
    return assertion;
}
