
Example 16 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSDefaultSPAdapter method postSSOFederationSuccess.

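/**
 * Runs after a successful Single Sign-On or Federation. For federation
 * requests it looks up every user that carries the federation key built from
 * {@code hostedEntityID} and the assertion's name identifier, and removes that
 * federation record from every user other than the one in {@code ssoToken}.
 *
 * <p>The lookup and the removal run with the admin token, not with the
 * user's own token. The name identifier that drives them is read from the
 * IDP's assertion.
 * NOTE(review): this method does not verify the assertion itself; presumably
 * signature and issuer validation happened before the adapter is invoked -
 * confirm against the caller.
 *
 * @param hostedEntityID provider ID for the hosted SP
 * @param request servlet request
 * @param response servlet response
 * @param ssoToken user's SSO token
 * @param authnRequest the original authentication request sent from SP
 * @param authnResponse response from IDP if Browser POST or LECP profile
 *        is used for the request, value will be null if Browser Artifact
 *        profile is used.
 * @param samlResponse response from IDP if Browser Artifact profile is used
 *        for the request, value will be null if Browser POST or LECP
 *        profile is used.
 * @exception FederationException if the adapter wants to fail the process.
 * @return true if browser redirection happened, false otherwise; every
 *         return path in this implementation returns false.
 */
public boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, " + "process " + hostedEntityID);
    }
    // Only requests that asked for the federated NameIDPolicy trigger the cleanup.
    boolean isFederation = false;
    if (authnRequest == null) {
        FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
    } else {
        String nameIDPolicy = authnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        // Constant-first comparison: a request without a NameIDPolicy is
        // treated as "not federation" instead of raising a NullPointerException.
        isFederation = IFSConstants.NAME_ID_POLICY_FEDERATED.equals(nameIDPolicy);
    }
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (!isFederation || adminToken == null) {
        return false;
    }
    try {
        List assertions = null;
        String idpEntityId = null;
        if (authnResponse != null) {
            // POST profile
            assertions = authnResponse.getAssertion();
            idpEntityId = authnResponse.getProviderId();
        } else if (samlResponse != null) {
            // Artifact profile
            assertions = samlResponse.getAssertion();
        }
        // Neither response present, or a response without assertions: there is
        // no name identifier to work with, so leave existing federations alone.
        if (assertions == null || assertions.isEmpty()) {
            FSUtils.debug.warning("FSAdapter.postSuccess: no assertion available");
            return false;
        }
        // Only the first assertion is consulted.
        FSAssertion assertion = (FSAssertion) assertions.iterator().next();
        if (idpEntityId == null) {
            idpEntityId = assertion.getIssuer();
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpEntityId);
        }
        // Take the name identifier from the first authentication statement,
        // preferring the IDP-provided identifier over the plain one.
        String nameId = null;
        Iterator stmtIter = assertion.getStatement().iterator();
        while (stmtIter.hasNext()) {
            Statement statement = (Statement) stmtIter.next();
            if (statement.getStatementType() != Statement.AUTHENTICATION_STATEMENT) {
                continue;
            }
            FSSubject subject = (FSSubject) ((FSAuthenticationStatement) statement).getSubject();
            NameIdentifier ni = subject.getIDPProvidedNameIdentifier();
            if (ni == null) {
                ni = subject.getNameIdentifier();
            }
            if (ni != null) {
                nameId = ni.getName();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: " + "found name id =" + nameId);
            }
            break;
        }
        if (nameId == null) {
            FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
            return false;
        }
        // NOTE(review): nameId comes from the assertion and is embedded in the
        // search value as-is; confirm the identity repository escapes search
        // metacharacters, because every match below other than the current
        // user loses its federation record.
        Map map = new HashMap();
        Set set = new HashSet();
        set.add("|" + hostedEntityID + "|" + nameId + "|");
        map.put("iplanet-am-user-federation-info-key", set);
        AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, ((SSOToken) ssoToken).getProperty(ISAuthConstants.ORGANIZATION));
        IdSearchControl searchControl = new IdSearchControl();
        searchControl.setTimeOut(0);
        searchControl.setMaxResults(0);
        searchControl.setAllReturnAttributes(false);
        searchControl.setSearchModifiers(IdSearchOpModifier.AND, map);
        IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, "*", searchControl);
        Set amIdSet = searchResults.getSearchResults();
        if (amIdSet.size() > 1) {
            String univId = ((SSOToken) ssoToken).getProperty(Constants.UNIVERSAL_IDENTIFIER);
            if (univId == null) {
                // Without the current user's universal ID there is no way to
                // tell which record to keep, so remove nothing.
                FSUtils.debug.warning("FSAdapter.postSuccess: no universal ID in SSO token, skipping cleanup");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: found " + amIdSet.size() + " federation with same ID as " + univId);
            }
            String metaAlias = null;
            try {
                // A constructor never yields null, so no null check on the manager.
                IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
                SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
                if (spConfig != null) {
                    metaAlias = spConfig.getMetaAlias();
                }
            } catch (IDFFMetaException ie) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: " + "couldn't find meta alias:", ie);
                }
            }
            FSAccountManager accManager = FSAccountManager.getInstance(metaAlias);
            FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedEntityID, nameId);
            // previous federation exists with different users
            Iterator it = amIdSet.iterator();
            while (it.hasNext()) {
                AMIdentity amId = (AMIdentity) it.next();
                // compare with the SSO token; the current user keeps its record
                String tmpUnivId = IdUtils.getUniversalId(amId);
                if (univId.equalsIgnoreCase(tmpUnivId)) {
                    continue;
                }
                // remove federation information for this user
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSucces, " + "remove fed info for user " + tmpUnivId);
                }
                accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey, idpEntityId);
            }
        }
    } catch (FSAccountMgmtException f) {
        // Cleanup is best effort: failures are logged and SSO is not failed.
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
    } catch (IdRepoException i) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
    } catch (SSOException e) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
    }
    return false;
}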
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) FSSubject(com.sun.identity.federation.message.FSSubject) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) HashMap(java.util.HashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) SSOException(com.iplanet.sso.SSOException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager) FSAssertion(com.sun.identity.federation.message.FSAssertion) Iterator(java.util.Iterator) IdSearchControl(com.sun.identity.idm.IdSearchControl) List(java.util.List) HashSet(java.util.HashSet) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) Statement(com.sun.identity.saml.assertion.Statement) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IdRepoException(com.sun.identity.idm.IdRepoException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) Map(java.util.Map) HashMap(java.util.HashMap)

Example 17 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method doSingleSignOn.

/**
 * Resolves the federation record of the user behind {@code ssoToken} for the
 * requesting provider (or its affiliation, when the request names one) and
 * delegates to the four-argument {@code doSingleSignOn} with the SP-side and
 * IDP-side name identifiers.
 *
 * <p>When no federation record exists, {@code noFedStatus} is set to a
 * "lib:FederationDoesNotExist" status and the event is logged. An active
 * record whose local name qualifier still equals {@code hostedEntityId} is
 * rewritten under the security domain before use.
 *
 * @param ssoToken session object of the authenticated user
 * @param inResponseTo passed through unchanged to the delegate
 * @return the delegate's result, or {@code false} when the federation record
 *         or a name identifier is missing or any exception is raised
 */
protected boolean doSingleSignOn(Object ssoToken, String inResponseTo) {
    FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn(2):  Called");
    try {
        // An affiliation ID, when present, takes precedence over the provider ID.
        String requesterId = authnRequest.getProviderId();
        String affiliationID = authnRequest.getAffiliationID();
        String securityDomain = (affiliationID != null) ? affiliationID : requesterId;
        String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "Initiating SSO for user with ID: " + userID);
        }
        FSAccountFedInfo accountInfo = accountManager.readAccountFedInfo(userID, securityDomain);
        if (accountInfo == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Account Federation " + "Information not found for user with ID: " + userID);
            StatusCode federationMissing = new StatusCode("lib:FederationDoesNotExist", null);
            StatusCode responder = new StatusCode("samlp:Responder", federationMissing);
            noFedStatus = new Status(responder, FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
            LogUtil.error(Level.INFO, LogUtil.USER_ACCOUNT_FEDERATION_INFO_NOT_FOUND, new String[] { userID }, ssoToken);
            return false;
        }
        if (accountInfo.isFedStatusActive() && accountInfo.getLocalNameIdentifier() != null) {
            // Check if this is 6.2: such records carry the hosted entity ID as
            // name qualifier and are re-keyed under the security domain.
            NameIdentifier storedLocal = accountInfo.getLocalNameIdentifier();
            String qualifier = storedLocal.getNameQualifier();
            if (qualifier != null && qualifier.equals(hostedEntityId)) {
                NameIdentifier migratedLocal = new NameIdentifier(storedLocal.getName(), securityDomain);
                NameIdentifier storedRemote = accountInfo.getRemoteNameIdentifier();
                NameIdentifier migratedRemote = (storedRemote == null) ? null : new NameIdentifier(storedRemote.getName(), securityDomain);
                FSAccountFedInfoKey newFedKey = new FSAccountFedInfoKey(securityDomain, migratedLocal.getName());
                accountInfo = new FSAccountFedInfo(securityDomain, migratedLocal, migratedRemote, false);
                // The new record is written before the old key is removed.
                accountManager.writeAccountFedInfo(userID, newFedKey, accountInfo);
                FSAccountFedInfoKey oldFedKey = new FSAccountFedInfoKey(hostedEntityId, migratedLocal.getName());
                accountManager.removeAccountFedInfoKey(userID, oldFedKey);
            }
        }
        // IDP-side identifier: the local one, falling back to the remote one.
        NameIdentifier idpNI = accountInfo.getLocalNameIdentifier();
        if (idpNI != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "IDP generated opaque handle: " + idpNI.getName());
            }
        } else {
            idpNI = accountInfo.getRemoteNameIdentifier();
            if (idpNI == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: " + "NameIdentifier not found");
                return false;
            }
        }
        // SP-side identifier: the remote one, falling back to the IDP-side one.
        NameIdentifier spNI = accountInfo.getRemoteNameIdentifier();
        if (spNI != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "SP generated opaque handle: " + spNI.getName());
            }
        } else {
            spNI = idpNI;
        }
        return doSingleSignOn(ssoToken, inResponseTo, spNI, idpNI);
    } catch (Exception e) {
        // Every failure, including one during the record rewrite above, ends
        // here and is reported to the caller only as "false".
        FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: " + "Exception during Single Sign-On:", e);
        return false;
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) StatusCode(com.sun.identity.saml.protocol.StatusCode) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 18 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class DiscoUtils method generateCredential.

/**
 * Builds a SAML security assertion for the resource offering {@code current},
 * appends it to {@code credentials} and returns its assertion ID.
 *
 * <p>The directive bits in {@code dirs} select the token: with BEARER set a
 * bearer token is requested, and only when AUTHN, AUTHO or SESSION is also
 * set; otherwise an authorization token is requested after a signing alias
 * or a client certificate has been handed to the token manager.
 *
 * @param dirs directive flags, read at the BEARER, AUTHN, AUTHO and SESSION indexes
 * @param current resource offering that supplies the target provider ID and the resource ID
 * @param message request message; source of the provider header, assertion and certificates
 * @param userDN used as sender name when no provider ID is available, and passed to the name identifier mapper
 * @param credentials list that receives the generated assertion
 * @param invoSession session context to use, or null to derive it from the message's assertion
 * @param wscID provider ID of the requester, or null/empty to read it from the message's provider header
 * @param token passed to the {@code SecurityTokenManager} constructor
 * @return the assertion ID, or null when no assertion could be generated
 */
private static String generateCredential(BitSet dirs, ResourceOffering current, Message message, String userDN, List credentials, SessionContext invoSession, String wscID, Object token) {
    SecurityAssertion assertion = null;
    try {
        SecurityTokenManager secuMgr = new SecurityTokenManager(token);
        NameIdentifier senderIdentity = null;
        // Requester identity: explicit wscID first, else the message's provider header.
        String providerID = wscID;
        if ((providerID == null) || (providerID.length() == 0)) {
            ProviderHeader ph = message.getProviderHeader();
            if (ph != null) {
                providerID = ph.getProviderID();
            }
        }
        SessionContext invocatorSession = invoSession;
        if (invocatorSession == null) {
            invocatorSession = getSessionContext(message.getAssertion());
        }
        // Provider ID of the service instance the credential is issued for.
        String tproviderID = current.getServiceInstance().getProviderID();
        if (invocatorSession != null) {
            try {
                ProviderManager pm = ProviderUtil.getProviderManager();
                SessionSubject sub = invocatorSession.getSessionSubject();
                NameIdentifier ni = sub.getNameIdentifier();
                // An encrypted name identifier is decrypted with the discovery
                // service's own key before it is mapped or re-encrypted.
                if ((ni.getFormat() != null) && (ni.getFormat().equals("urn:liberty:iff:nameid:encrypted"))) {
                    ni = EncryptedNameIdentifier.getDecryptedNameIdentifier(ni, pm.getDecryptionKey(DiscoServiceManager.getDiscoProviderID()));
                }
                NameIdentifier newNi = null;
                NameIdentifierMapper niMapper = DiscoServiceManager.getNameIdentifierMapper();
                if (niMapper != null) {
                    String discoEntityID = DiscoServiceManager.getDiscoProviderID();
                    newNi = niMapper.getNameIdentifier(tproviderID, discoEntityID, ni, userDN);
                }
                if ((newNi != null) && !newNi.equals(ni)) {
                    // The mapper produced a different identifier; it is used as returned.
                    sub.setNameIdentifier(newNi);
                    // Keep the IDPProvidedNameIdentifier in step with the mapped
                    // identifier. This should be an encrypted IDP-provided
                    // identifier, but the specification does not define one;
                    // alternatively it could be set to null once SessionSubject
                    // treats it as optional.
                    IDPProvidedNameIdentifier idpNi = sub.getIDPProvidedNameIdentifier();
                    if (idpNi != null) {
                        IDPProvidedNameIdentifier newIdpNi = new IDPProvidedNameIdentifier(newNi.getName(), newNi.getNameQualifier(), newNi.getFormat());
                        sub.setIDPProvidedNameIdentifier(newIdpNi);
                    }
                } else if (pm.isNameIDEncryptionEnabled(tproviderID)) {
                    // No mapping applied: encrypt for the target provider when it is configured for that.
                    sub.setNameIdentifier(EncryptedNameIdentifier.getEncryptedNameIdentifier(ni, tproviderID, pm.getEncryptionKey(tproviderID), pm.getEncryptionKeyAlgorithm(tproviderID), pm.getEncryptionKeyStrength(tproviderID)));
                } else {
                    // Otherwise the (possibly decrypted) identifier is set in the clear.
                    sub.setNameIdentifier(ni);
                }
                invocatorSession.setSessionSubject(sub);
            } catch (Exception ex) {
                // Any failure while rewriting the subject, not only crypto errors,
                // aborts credential generation.
                // NOTE(review): the log prefix names handleDirective although
                // this is generateCredential.
                debug.error("DiscoUtils.handleDirective: En/Decryption" + " Exception:", ex);
                return null;
            }
        }
        // Resource ID preference: encrypted, then plain, then the implied-resource constant.
        Object resourceID = current.getEncryptedResourceID();
        if (resourceID == null) {
            resourceID = current.getResourceID();
            if (resourceID == null) {
                resourceID = (String) DiscoConstants.IMPLIED_RESOURCE;
            } else {
                resourceID = ((ResourceID) resourceID).getResourceID();
            }
        }
        if (dirs.get(BEARER)) {
            // With BEARER alone no token is requested, assertion stays null and
            // the method reports failure at the end.
            if (dirs.get(AUTHN) || dirs.get(AUTHO) || dirs.get(SESSION)) {
                if ((providerID != null) && (providerID.length() != 0)) {
                    senderIdentity = new NameIdentifier(providerID, null, DiscoConstants.PROVIDER_ID_FORMAT);
                } else {
                    senderIdentity = new NameIdentifier(userDN);
                }
                if (resourceID instanceof String) {
                    assertion = secuMgr.getSAMLBearerToken(senderIdentity, invocatorSession, (String) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
                } else {
                    assertion = secuMgr.getSAMLBearerToken(senderIdentity, invocatorSession, (EncryptedResourceID) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
                }
            }
        } else {
            if ((providerID != null) && (providerID.length() != 0)) {
                senderIdentity = new NameIdentifier(providerID, null, DiscoConstants.PROVIDER_ID_FORMAT);
            } else {
                senderIdentity = new NameIdentifier(userDN);
            }
            // NOTE(review): the sender-identity check above treats an empty
            // providerID as absent, but this test is only "!= null", so an empty
            // providerID goes to the alias lookup and skips the client-certificate
            // fallback - confirm that is intended.
            if (providerID != null) {
                secuMgr.setCertAlias(ProviderUtil.getProviderManager().getSigningKeyAlias(providerID));
            } else {
                // No provider ID: use the peer certificate, else the message's
                // certificate; without either no credential is issued.
                X509Certificate wscCert = message.getPeerCertificate();
                if (wscCert == null) {
                    wscCert = message.getMessageCertificate();
                    if (wscCert == null) {
                        if (debug.messageEnabled()) {
                            debug.message("DiscoUtils.generateCredential:" + "client cert is null. Cannot generate " + "credential.");
                        }
                        return null;
                    }
                }
                secuMgr.setCertificate(wscCert);
            }
            if (resourceID instanceof String) {
                assertion = secuMgr.getSAMLAuthorizationToken(senderIdentity, invocatorSession, (String) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
            } else {
                assertion = secuMgr.getSAMLAuthorizationToken(senderIdentity, invocatorSession, (EncryptedResourceID) resourceID, dirs.get(AUTHN), dirs.get(AUTHO), tproviderID);
            }
        }
    } catch (Exception ex) {
        // Logged only; assertion is still null here, so the check below returns null.
        debug.error("DiscoUtils.generateCredential:" + "cannot generate credential: ", ex);
    }
    if (assertion == null) {
        debug.error("DiscoUtils.generateCredential: " + "cannot generate credential.");
        return null;
    } else {
        credentials.add(assertion);
        return assertion.getAssertionID();
    }
}
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier) EncryptedNameIdentifier(com.sun.identity.federation.message.common.EncryptedNameIdentifier) EncryptedResourceID(com.sun.identity.liberty.ws.disco.EncryptedResourceID) DiscoveryException(com.sun.identity.liberty.ws.disco.DiscoveryException) X509Certificate(java.security.cert.X509Certificate) ProviderHeader(com.sun.identity.liberty.ws.soapbinding.ProviderHeader) ProviderManager(com.sun.identity.liberty.ws.util.ProviderManager) NameIdentifierMapper(com.sun.identity.liberty.ws.disco.plugins.NameIdentifierMapper) IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier)

Example 19 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class BulkFederation method idffFederateUser.

/**
 * Creates an ID-FF federation record for {@code localUserId} under a newly
 * generated name identifier, stores it on the identity with the admin SSO
 * token, and writes one {@code remoteUserId|nameId} line to {@code out}.
 *
 * <p>An {@code IdRepoException} or {@code SSOException} is only printed to
 * the CLI's error output: the method then returns normally and no line is
 * written for that user.
 * NOTE(review): the output line is pipe-delimited and {@code remoteUserId}
 * is written as given; confirm the consumer of this file copes with a
 * {@code |} or a line break inside a user ID.
 *
 * @param localUserId identity to federate, resolved through {@code IdUtils.getIdentity}
 * @param remoteUserId user ID on the remote side, only written to {@code out}
 * @param out receives the {@code remoteUserId|nameId} mapping line
 * @throws CLIException if the federation data cannot be built or the line cannot be written
 */
private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity identity = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameId = createNameIdentifier();
        // On the IDP side the key and the name qualifier use the remote entity,
        // on the SP side the local one.
        String qualifierEntityId = isIDP ? remoteEntityId : localEntityId;
        FSAccountFedInfoKey fedKey = new FSAccountFedInfoKey(qualifierEntityId, nameId);
        NameIdentifier federatedNi = new NameIdentifier(nameId, qualifierEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI);
        FSAccountFedInfo fedInfo;
        if (isIDP) {
            fedInfo = new FSAccountFedInfo(remoteEntityId, federatedNi, IFSConstants.LOCAL_NAME_IDENTIFIER, true);
        } else {
            fedInfo = new FSAccountFedInfo(remoteEntityId, federatedNi, IFSConstants.REMOTE_NAME_IDENTIFIER, true);
        }

        Map attributes = identity.getAttributes(idffUserAttributesFed);

        // Append the key to the existing key set, creating the set when the
        // attribute is missing or empty.
        Set fedKeyValues = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((fedKeyValues == null) || fedKeyValues.isEmpty()) {
            fedKeyValues = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, fedKeyValues);
        }
        fedKeyValues.add(FSAccountUtils.objectToKeyString(fedKey));

        // Same for the federation info attribute.
        Set fedInfoValues = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((fedInfoValues == null) || fedInfoValues.isEmpty()) {
            fedInfoValues = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, fedInfoValues);
        }
        fedInfoValues.add(FSAccountUtils.objectToInfoString(fedInfo));

        identity.setAttributes(attributes);
        identity.store();

        // The mapping line is written only after the identity was stored.
        out.write(remoteUserId + "|" + nameId);
        out.newLine();
    } catch (FSAccountMgmtException e) {
        debugError("BulkFederation.idffFederateUser", e);
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), new Object[] { localUserId }), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAMLException e) {
        debugError("BulkFederation.idffFederateUser", e);
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), new Object[] { localUserId }), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("BulkFederation.idffFederateUser", e);
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), new Object[] { localUserId }), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        // Reported on the error output only; the caller is not told.
        debugError("BulkFederation.idffFederateUser", e);
        getOutputWriter().printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("BulkFederation.idffFederateUser", e);
        getOutputWriter().printlnError(e.getMessage());
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) HashSet(java.util.HashSet) Set(java.util.Set) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) IOException(java.io.IOException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) SAMLException(com.sun.identity.saml.common.SAMLException) IOutput(com.sun.identity.cli.IOutput) AMIdentity(com.sun.identity.idm.AMIdentity) CLIException(com.sun.identity.cli.CLIException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 20 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class ImportBulkFederationData method idffFederateUser.

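/**
 * Stores an ID-FF federation record that binds {@code userId} to the given
 * name identifier, using the admin SSO token.
 *
 * <p>{@code nameId} is stored as given; this method performs no check on it.
 * NOTE(review): presumably it comes from the bulk-federation data being
 * imported, in which case the integrity of that data decides which name
 * identifier ends up bound to the account - confirm against the caller.
 *
 * <p>An {@code IdRepoException} or {@code SSOException} is only printed to
 * the CLI's error output and the method returns normally.
 *
 * @param userId identity to federate, resolved through {@code IdUtils.getIdentity}
 * @param nameId name identifier to bind to the identity
 * @throws CLIException if the federation key or info cannot be built
 */
private void idffFederateUser(String userId, String nameId) throws CLIException {
    try {
        AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
        // On the IDP side the key and the name qualifier use the remote entity,
        // on the SP side the local one.
        FSAccountFedInfoKey key = (!isIDP) ? new FSAccountFedInfoKey(localEntityId, nameId) : new FSAccountFedInfoKey(remoteEntityId, nameId);
        FSAccountFedInfo info = null;
        if (isIDP) {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, false);
        } else {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, false);
        }
        Map attributes = amid.getAttributes(BulkFederation.idffUserAttributesFed);
        // Append to the existing key set, creating it when missing or empty.
        Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((setInfoKey == null) || setInfoKey.isEmpty()) {
            setInfoKey = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR, setInfoKey);
        }
        setInfoKey.add(FSAccountUtils.objectToKeyString(key));
        // Same for the federation info attribute.
        Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((setInfo == null) || setInfo.isEmpty()) {
            setInfo = new HashSet(2);
            attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
        }
        setInfo.add(FSAccountUtils.objectToInfoString(info));
        amid.setAttributes(attributes);
        amid.store();
    } catch (FSAccountMgmtException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAMLException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        // Same resource key as the FSAccountMgmtException branch, so both
        // failures are reported with this command's own message.
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        // Reported on the error output only; the caller is not told.
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}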
Also used : FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) HashSet(java.util.HashSet) Set(java.util.Set) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) SAMLException(com.sun.identity.saml.common.SAMLException) IOutput(com.sun.identity.cli.IOutput) AMIdentity(com.sun.identity.idm.AMIdentity) CLIException(com.sun.identity.cli.CLIException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)
