use of com.sun.identity.saml.assertion.Evidence in project OpenAM by OpenRock.
The class DefaultActionMapper, method getSSOAssertion.
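/**
 * Examines the Evidence of an AuthorizationDecisionQuery and returns the
 * first Assertion that {@code SAMLUtils.isAuthNAssertion} accepts, i.e. one
 * that contains at least one AuthenticationStatement.
 * <p>
 * Two sources are searched, in order: the Assertions embedded inline in the
 * Evidence, then the AssertionIDReferences. A reference is resolved through
 * the local AssertionManager, or, when {@code SAMLUtils.getServerURL} maps the
 * referenced id to another server of the load-balanced site, through an
 * AssertionManagerClient pointed at that server.
 * <p>
 * The inline Assertions are supplied by the requester. This method applies no
 * check of its own beyond {@code SAMLUtils.isAuthNAssertion}; signature and
 * validity-window checks are presumably performed there — confirm before
 * relying on the returned Assertion for anything but its statements.
 *
 * @param query    the AuthorizationDecisionQuery whose Evidence is examined;
 *                 {@code null} yields {@code null}
 * @param sourceID the id of the site the query came from, passed through to
 *                 the AssertionManager lookups
 * @return the first qualifying Assertion, or {@code null} when the query or
 *         its Evidence is absent, or no Assertion qualifies
 * @see com.sun.identity.saml.plugins.ActionMapper#getSSOAssertion
 */
public Assertion getSSOAssertion(AuthorizationDecisionQuery query, String sourceID) {
    if (query == null) {
        return null;
    }
    Evidence evi = query.getEvidence();
    if (evi == null) {
        return null;
    }
    // inline assertions take precedence over references, as before
    Assertion inline = findInlineAuthNAssertion(evi.getAssertion());
    if (inline != null) {
        return inline;
    }
    return resolveAuthNAssertionByReference(evi.getAssertionIDReference(), sourceID);
}

/**
 * Returns the first AuthN assertion among the Assertions embedded in the
 * Evidence, or {@code null} if the set is absent or contains none.
 *
 * @param assertions the raw Set of Assertion from {@code Evidence.getAssertion()},
 *                   possibly {@code null}
 */
private static Assertion findInlineAuthNAssertion(Set assertions) {
    if (assertions == null) {
        return null;
    }
    for (Object candidate : assertions) {
        Assertion assertion = (Assertion) candidate;
        if (SAMLUtils.isAuthNAssertion(assertion)) {
            return assertion;
        }
    }
    return null;
}

/**
 * Resolves each AssertionIDReference and returns the first resolved Assertion
 * that is an AuthN assertion. A reference whose retrieval throws is logged and
 * skipped; any other failure (most likely obtaining the AssertionManager) is
 * logged and ends the search with {@code null}.
 *
 * @param idRefs   the raw Set of AssertionIDReference from
 *                 {@code Evidence.getAssertionIDReference()}, possibly {@code null}
 * @param sourceID the site id handed to the AssertionManager lookups
 */
private static Assertion resolveAuthNAssertionByReference(Set idRefs, String sourceID) {
    if (idRefs == null) {
        return null;
    }
    try {
        AssertionManager am = AssertionManager.getInstance();
        for (Object ref : idRefs) {
            AssertionIDReference idRef = (AssertionIDReference) ref;
            Assertion assertion = null;
            try {
                // a non-null URL means the id was issued by another server in the lb site
                String remoteUrl = SAMLUtils.getServerURL(idRef.getAssertionIDReference());
                if (remoteUrl != null) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("DefaultActionMapper: calling another in lb site:" + remoteUrl);
                    }
                    AssertionManagerClient amc =
                        new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteUrl));
                    assertion = amc.getAssertion(idRef, sourceID);
                } else {
                    assertion = am.getAssertion(idRef, sourceID);
                }
            } catch (Exception e) {
                // an unresolvable reference is not fatal; move on to the next one
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultActionMapper.getSSOAssertion: exception when retrieving "
                        + "Assertion from IDRef:" + e);
                }
                continue;
            }
            if (SAMLUtils.isAuthNAssertion(assertion)) {
                return assertion;
            }
        }
    } catch (Exception e) {
        // covers AssertionManager.getInstance() and, as in the original, the loop itself
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
        }
    }
    return null;
}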
use of com.sun.identity.saml.assertion.Evidence in project OpenAM by OpenRock.
The class DefaultActionMapper, method getAuthorizationDecisions.
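/**
 * Evaluates the Actions of an AuthorizationDecisionQuery against OpenAM policy.
 * <p>
 * The AttributeStatements carried in the Evidence are first converted, via
 * {@code convertEvidence}, into OpenAM Policy API environment parameters; the
 * Attributes in those statements are expected to be OpenAM attributes. Each
 * Action is then evaluated one at a time with a {@code PolicyEvaluator} for the
 * {@code iPlanetAMWebAgentService} service. Only the action namespace
 * {@code urn:oasis:names:tc:SAML:1.0:ghpp} ({@code SAMLConstants.ACTION_NAMESPACE_GHPP})
 * is handled; Actions in any other namespace are not evaluated.
 * <p>
 * The returned map holds exactly one decision key:
 * <ul>
 * <li>{@code ActionMapper.PERMIT} with the permitted Actions when at least one
 *     Action was permitted — denied and unevaluated Actions are then not
 *     reported at all;</li>
 * <li>otherwise {@code ActionMapper.DENY} with the denied Actions when at least
 *     one was denied;</li>
 * <li>otherwise {@code ActionMapper.INDETERMINATE} with every requested Action.</li>
 * </ul>
 * Any exception from policy evaluation — including the
 * {@code ClassCastException} raised when {@code token} is not an
 * {@code SSOToken} — is logged and the Action is treated as indeterminate.
 *
 * @param query    the AuthorizationDecisionQuery carrying resource, Actions,
 *                 Subject and Evidence
 * @param token    the session token used for policy evaluation; cast to
 *                 {@code SSOToken} when a GHPP Action is evaluated
 * @param sourceID the id of the site the query came from, passed on to
 *                 {@code convertEvidence}
 * @return a Map with a single decision key, as described above, whose value is
 *         a List of Action
 * @throws SAMLException if {@code query} or {@code token} is {@code null}; any
 *         SAMLException raised by {@code convertEvidence} propagates as well
 */
public Map getAuthorizationDecisions(AuthorizationDecisionQuery query, Object token, String sourceID)
        throws SAMLException {
    if ((query == null) || (token == null)) {
        SAMLUtils.debug.message("DefaultActionMapper: null input.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    Evidence evidence = query.getEvidence();
    Subject querySubject = query.getSubject();
    // policy environment built from requester-supplied AttributeStatements;
    // how far these values are trusted is decided inside convertEvidence
    Map envParameters = convertEvidence(evidence, querySubject, sourceID);
    List actions = query.getAction();
    String resource = query.getResource();
    List<Action> permitActions = new ArrayList<Action>();
    List<Action> denyActions = new ArrayList<Action>();
    // created lazily, inside the try, so a failing constructor is also "indeterminate"
    PolicyEvaluator pe = null;
    for (Object item : actions) {
        Action action = (Action) item;
        String actionNamespace = action.getNameSpace();
        if ((actionNamespace == null) || !actionNamespace.equals(SAMLConstants.ACTION_NAMESPACE_GHPP)) {
            // unsupported namespace: the Action lands in neither list
            continue;
        }
        try {
            if (pe == null) {
                pe = new PolicyEvaluator("iPlanetAMWebAgentService");
            }
            boolean allowed = pe.isAllowed((SSOToken) token, resource, action.getAction(), envParameters);
            if (allowed) {
                permitActions.add(action);
            } else {
                denyActions.add(action);
            }
        } catch (Exception e) {
            // indeterminate for this Action; evaluation continues with the next one
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultActionMapper: Exception from policy:" + e);
            }
        }
    }
    Map resultMap = new HashMap();
    if (!permitActions.isEmpty()) {
        resultMap.put(ActionMapper.PERMIT, permitActions);
    } else if (!denyActions.isEmpty()) {
        resultMap.put(ActionMapper.DENY, denyActions);
    } else {
        resultMap.put(ActionMapper.INDETERMINATE, actions);
    }
    return resultMap;
}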