Example 11 with NameIdentifier
use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method createNameRegistrationRequest.
/**
* Generates the Name Registration request.
* @return FSNameRegistrationRequest
*/
private FSNameRegistrationRequest createNameRegistrationRequest(FSAccountFedInfo acctInfo) {
try {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Entered FSNameRegistrationHandler:: " + "createNameRegistrationRequest");
}
FSNameRegistrationRequest reqName = new FSNameRegistrationRequest();
if (reqName != null) {
reqName.setProviderId(hostedEntityId);
if (acctInfo.isRoleIDP()) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("calling of generateNameIdentifier Role : IdP ? " + acctInfo.isRoleIDP());
}
NameIdentifier nameIdentifier = generateNameIdentifier();
if (acctInfo.getAffiliation()) {
String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
if (affiliationID != null) {
nameIdentifier.setNameQualifier(affiliationID);
}
} else {
nameIdentifier.setNameQualifier(hostedEntityId);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("out of generateNameIdentifier ****" + "\nNew SP nameIdentifier Qualifier: " + nameIdentifier.getNameQualifier() + "\nNew SP nameIdentifier Name :" + nameIdentifier.getName());
}
SPProvidedNameIdentifier newNameIdenifier = new SPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
reqName.setIDPProvidedNameIdentifier(new IDPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
reqName.setSPProvidedNameIdentifier(newNameIdenifier);
if (localIdentifier != null) {
reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
try {
oldAcctKey = new FSAccountFedInfoKey(localIdentifier.getNameQualifier(), localIdentifier.getName());
} catch (FSAccountMgmtException e) {
oldAcctKey = null;
}
} else {
// when Service Provider sends the name reg. request
// for the first time, OldProvidedNameIdentifier is
// same as the IDPProvidedNameIdentifier as per the spec
reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
try {
oldAcctKey = new FSAccountFedInfoKey(remoteIdentifier.getNameQualifier(), remoteIdentifier.getName());
} catch (FSAccountMgmtException e) {
oldAcctKey = null;
}
}
try {
FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
tmpInfo.setAffiliation(acctInfo.getAffiliation());
returnMap.put("userID", userID);
returnMap.put("OldAccountKey", oldAcctKey);
if (oldAcctKey != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier : " + oldAcctKey.getNameSpace());
}
} else {
FSUtils.debug.message("OldAccount Key is null");
}
returnMap.put("AccountKey", tmpKey);
returnMap.put("AccountInfo", tmpInfo);
returnMap.put("RegisSource", regisSource);
returnMap.put(IFSConstants.LRURL, returnURL);
} catch (FSAccountMgmtException e) {
return null;
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("calling of generateNameIdenti" + "fier Role : IdP ? " + acctInfo.isRoleIDP());
}
NameIdentifier nameIdentifier = generateNameIdentifier();
if (acctInfo.getAffiliation()) {
String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
if (affiliationID != null) {
nameIdentifier.setNameQualifier(affiliationID);
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("New IDP nameIdentifier Name : " + nameIdentifier.getName() + "\nNew IDP nameIdentifier Qualifier :" + nameIdentifier.getNameQualifier() + "out of generateNameIdentifier*****");
}
IDPProvidedNameIdentifier newNameIdenifier = new IDPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
NameIdentifier remoteIdentifier = // SP
acctInfo.getRemoteNameIdentifier();
NameIdentifier localIdentifier = // IdP
acctInfo.getLocalNameIdentifier();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Old IDP nameIdentifier Name : " + localIdentifier.getName() + "\nOld IDP nameIdentifier Qualifier :" + localIdentifier.getNameQualifier());
}
FSUtils.debug.message("To set OldProvidedNameIdentifier");
reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
FSUtils.debug.message("To set IdpProvidedNameIdentifier");
reqName.setIDPProvidedNameIdentifier(newNameIdenifier);
if (remoteIdentifier != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("SP nameIdentifier Name : " + remoteIdentifier.getName() + "SP nameIdentifier Qualifier :" + remoteIdentifier.getNameQualifier());
}
SPProvidedNameIdentifier spNameIdentifier = new SPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat());
reqName.setSPProvidedNameIdentifier(spNameIdentifier);
}
try {
oldAcctKey = new FSAccountFedInfoKey(hostedEntityId, localIdentifier.getName());
FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
returnMap.put("userID", userID);
returnMap.put("OldAccountKey", oldAcctKey);
returnMap.put("AccountKey", tmpKey);
returnMap.put("AccountInfo", tmpInfo);
returnMap.put("RegisSource", regisSource);
returnMap.put(IFSConstants.LRURL, returnURL);
if (oldAcctKey != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier: " + oldAcctKey.getNameSpace());
}
} else {
FSUtils.debug.message("OldAccount Key is null");
}
} catch (FSAccountMgmtException e) {
return null;
}
}
reqName.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
return reqName;
}
} catch (SAMLException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("got SAMLException:", e);
}
}
return null;
}
Also used :
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier)
SPProvidedNameIdentifier(com.sun.identity.federation.message.common.SPProvidedNameIdentifier)
OldProvidedNameIdentifier(com.sun.identity.federation.message.common.OldProvidedNameIdentifier)
SPProvidedNameIdentifier(com.sun.identity.federation.message.common.SPProvidedNameIdentifier)
FSNameRegistrationRequest(com.sun.identity.federation.message.FSNameRegistrationRequest)
IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SAMLException(com.sun.identity.saml.common.SAMLException)
OldProvidedNameIdentifier(com.sun.identity.federation.message.common.OldProvidedNameIdentifier)
Example 12 with NameIdentifier
use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method createSingleLogoutRequest.
/**
* Creates the logoutNotification message for a provider.
* @param acctInfo the curerent user-provider information
* @param sessionIndex to be sent as part of lgout request
* @return the logout request
*/
private FSLogoutNotification createSingleLogoutRequest(FSAccountFedInfo acctInfo, String sessionIndex) {
FSUtils.debug.message("Entered FSSingleLogoutHandler::createSingleLogoutRequest");
FSLogoutNotification reqName = new FSLogoutNotification();
if (reqName != null) {
NameIdentifier nameIdentifier = acctInfo.getRemoteNameIdentifier();
if (nameIdentifier == null) {
nameIdentifier = acctInfo.getLocalNameIdentifier();
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Hosted Provider Id : " + hostedEntityId);
}
reqName.setProviderId(hostedEntityId);
reqName.setNameIdentifier(nameIdentifier);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Session index is " + sessionIndex);
}
if (sessionIndex != null) {
reqName.setSessionIndex(sessionIndex);
}
return reqName;
}
return null;
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification)
Example 13 with NameIdentifier
use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.
the class FSFedTerminationHandler method updateAccountInformation.
/**
* Updates the user account information. After sucessful operation,
* the federation status corresponding to the user with the remote provider
* is set to inactive.
* @param ni <code>NameIdentifier</code> object corresponding to a user
* @return boolean containing the status of the update operation
*/
protected boolean updateAccountInformation(NameIdentifier ni) {
try {
FSUtils.debug.message("FSFedTerminationHandler::updateAccountInformation: start");
String searchDomain = remoteEntityId;
// get name identifier to remove it from federation info key
String nameId = null;
String nameQualifier = null;
if (ni != null) {
nameQualifier = ni.getNameQualifier();
if (nameQualifier != null && (nameQualifier.length() != 0) && !nameQualifier.equals(remoteEntityId)) {
searchDomain = nameQualifier;
}
nameId = ni.getName();
}
if (nameId == null && acctInfo != null) {
FSUtils.debug.message("FSAccountManager: getnameId in accInfo");
NameIdentifier temp = acctInfo.getLocalNameIdentifier();
if (temp != null) {
nameId = temp.getName();
nameQualifier = temp.getNameQualifier();
} else {
temp = acctInfo.getRemoteNameIdentifier();
if (temp != null) {
nameId = temp.getName();
nameQualifier = temp.getNameQualifier();
}
}
}
FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(nameQualifier, nameId);
managerInst.removeAccountFedInfo(userID, fedInfoKey, searchDomain);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSFedTerminationHandler:: " + "updateAccountInformation deactivate successfully completed");
}
} catch (FSAccountMgmtException e) {
FSUtils.debug.error("FSFedTerminationHandler::updateAccountInformation " + FSUtils.bundle.getString(IFSConstants.TERMINATION_LOCAL_FAILED));
String[] data = { userID };
LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
return false;
}
// Clean SessionMap off the partner to be done here.
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Cleaning Session manager for user : " + userID);
FSUtils.debug.message("Cleaning Session manager for remote provider: " + remoteEntityId);
FSUtils.debug.message("Cleaning Session manager for hosted provider: " + hostedEntityId);
}
FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, null);
return true;
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
Example 14 with NameIdentifier
use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.
the class FSFedTerminationHandler method createFederationTerminationRequest.
/**
* Generates Federation termination request based onthe
* <code>FSAccountFedInfo</code> object that represents the account
* federation for a user between 2 providers.
* @param acctInfo represents the current user account information
* @return termination request message
*/
private FSFederationTerminationNotification createFederationTerminationRequest(FSAccountFedInfo acctInfo) {
FSUtils.debug.message("FSFedTerminationHandler::createFederationTerminationRequest:");
FSFederationTerminationNotification reqName = new FSFederationTerminationNotification();
if (reqName != null) {
NameIdentifier nameIdentifier = acctInfo.getRemoteNameIdentifier();
if (nameIdentifier == null) {
nameIdentifier = acctInfo.getLocalNameIdentifier();
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("SP Provider Id : " + hostedEntityId);
}
reqName.setProviderId(hostedEntityId);
reqName.setNameIdentifier(nameIdentifier);
// TODO: Any more member settings + signature
return reqName;
} else {
FSUtils.debug.message("failed to create termination request");
FSUtils.debug.error("FSFedTerminationHandler::createFederationTerminationRequest " + FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_CREATION));
return null;
}
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
FSFederationTerminationNotification(com.sun.identity.federation.message.FSFederationTerminationNotification)
Example 15 with NameIdentifier
use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.
the class LibertyManager method getMappedNameIdentifier.
/**
* Returns <code>NameIdentifier</code> between the IDP and
* the other SP for the same principal. This method should
* be used by the code on the hosted SP, where the user
* has logged in, and has an account linking with the IDP.
* Futhermore, the same principal has an account linking
* between his/her other (remote) SP account and the IDP
* account.
*
* @param hostedSPMetaAlias The <code>metaAlias</code> of
* the local service provider.
* @param ssoToken The session token of the logged-
* in user on the local service provider.
* @param remoteSPEntityID The entity ID of the remote
* service provider. In other words, it is the targeted
* name space for the returned name identifier.
* @return <code>NameIdentifier</code> of the same principal
* but original established between the remote SP and
* the IDP
*/
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
String classMethod = "LibertyManager.getMappedNameIdentifier: ";
String hostedEntityID = getEntityID(hostedSPMetaAlias);
String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
if (debug.messageEnabled()) {
debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
}
SPDescriptorType hostedDescriptor = null;
BaseConfigType hostedConfig = null;
try {
hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
} catch (IDFFMetaException ie) {
debug.error(classMethod + "couldn't obtain hosted meta:", ie);
return null;
}
String userID = null;
try {
userID = SessionManager.getProvider().getPrincipalName(ssoToken);
} catch (SessionException ssoe) {
debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
return null;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "userID=" + userID);
}
FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
NameIdentifier ni = null;
if (debug.messageEnabled()) {
debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
}
FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
FSSession sess = null;
if (sMgr != null) {
sess = sMgr.getSession(ssoToken);
}
FSSessionPartner partner = null;
if (sess != null) {
partner = sess.getCurrentSessionPartner();
} else {
debug.error(classMethod + "session is null");
return null;
}
String remoteIDPEntityID = null;
if (partner != null) {
remoteIDPEntityID = partner.getPartner();
}
if (debug.messageEnabled()) {
debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
}
try {
ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
} catch (Exception e) {
debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
return null;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
}
FSNameIdentifierMappingRequest mappingRequest = null;
try {
mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
} catch (com.sun.identity.federation.message.common.FSMsgException fe) {
debug.error(classMethod, fe);
return null;
}
if (FSServiceUtils.isSigningOn()) {
try {
mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
} catch (SAMLException se) {
debug.error(classMethod, se);
return null;
}
}
IDPDescriptorType remoteProviderDesc = null;
try {
remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
} catch (IDFFMetaException fme1) {
debug.error(classMethod, fme1);
return null;
}
String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
if (debug.messageEnabled()) {
debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
}
FSSOAPService soapService = FSSOAPService.getInstance();
SOAPMessage returnMsg = null;
try {
SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
} catch (FSMsgException mex) {
debug.error(classMethod, mex);
return null;
} catch (java.io.IOException ioe) {
debug.error(classMethod, ioe);
return null;
} catch (javax.xml.soap.SOAPException soape) {
debug.error(classMethod, soape);
return null;
}
Element elt = soapService.parseSOAPMessage(returnMsg);
FSNameIdentifierMappingResponse mappingResponse = null;
try {
mappingResponse = new FSNameIdentifierMappingResponse(elt);
} catch (FSMsgException fme2) {
debug.error(classMethod, fme2);
return null;
}
if (debug.messageEnabled()) {
String resStr = null;
try {
resStr = mappingResponse.toXMLString();
} catch (FSMsgException fme3) {
debug.error(classMethod, fme3);
return null;
}
debug.message(classMethod + "NameIdentifierMappingResponse: " + resStr);
}
if (FSServiceUtils.isSigningOn()) {
if (FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
}
} else {
debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
return null;
}
}
return mappingResponse.getNameIdentifier();
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSSOAPService(com.sun.identity.federation.services.FSSOAPService)
SAMLException(com.sun.identity.saml.common.SAMLException)
SOAPMessage(javax.xml.soap.SOAPMessage)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
COTException(com.sun.identity.cot.COTException)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSLoginHelperException(com.sun.identity.federation.services.FSLoginHelperException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler)
FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
Aggregations
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)39
SAMLException (com.sun.identity.saml.common.SAMLException)17
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)11
FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)10
FSException (com.sun.identity.federation.common.FSException)10
SessionException (com.sun.identity.plugin.session.SessionException)10
Map (java.util.Map)10
FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)9
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)9
HashMap (java.util.HashMap)8
List (java.util.List)8
Set (java.util.Set)6
IDPProvidedNameIdentifier (com.sun.identity.federation.message.common.IDPProvidedNameIdentifier)5
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)5
SessionProvider (com.sun.identity.plugin.session.SessionProvider)5
Iterator (java.util.Iterator)5
FSAssertion (com.sun.identity.federation.message.FSAssertion)4
FSSubject (com.sun.identity.federation.message.FSSubject)4
EncryptedNameIdentifier (com.sun.identity.federation.message.common.EncryptedNameIdentifier)4
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)4
