
Example 46 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setSPStdAttributeValues.

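/**
 * Saves the standard (metadata) attribute values for the Service Provider.
 *
 * <p>On the SP's SSO descriptor this rewrites the Single Logout and Manage
 * NameID endpoint lists, the Assertion Consumer Service list, the NameID
 * format and the {@code AuthnRequestsSigned} / {@code WantAssertionsSigned}
 * flags, then stores the entity descriptor through the
 * {@code SAML2MetaManager}. A group is only touched when its key is present
 * in {@code spStdValues} (for the consumer services: when
 * {@code assertionConsumer} is non-empty). When no SP descriptor exists for
 * the entity, nothing is stored.
 *
 * <p>Security note: endpoint locations, the Assertion Consumer Service list
 * and the two signing flags are written exactly as supplied; this method
 * performs no validation of them.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param spStdValues Map which contains the standard attribute values.
 * @param assertionConsumer List with assertion consumer service values;
 *     {@code null} or empty leaves the stored list unchanged.
 * @throws AMConsoleException if the metadata cannot be read, rebuilt or
 *     stored.
 */
public void setSPStdAttributeValues(String realm, String entityName, Map spStdValues, List assertionConsumer) throws AMConsoleException {
    // The audit events record realm and entity only, not which values were changed.
    String[] params = { realm, entityName, "SAMLv2", "SP-Standard" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        // NOTE(review): the edits below go through spssoDescriptor but the object stored at the
        // end is entityDescriptor; presumably the former is a live view of the latter - confirm.
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        SPSSODescriptorElement spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityName);
        if (spssoDescriptor != null) {
            // save for Single Logout Service - Http-Redirect
            if (spStdValues.containsKey(SP_SINGLE_LOGOUT_HTTP_LOCATION)) {
                String lohttpLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_LOCATION);
                String lohttpRespLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_RESP_LOCATION);
                String lopostLocation = getResult(spStdValues, SP_SLO_POST_LOC);
                String lopostRespLocation = getResult(spStdValues, SP_SLO_POST_RESPLOC);
                String losoapLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_SOAP_LOCATION);
                String priority = getResult(spStdValues, SP_LOGOUT_DEFAULT);
                // The branches below already treat priority as nullable, so a missing default
                // is handled like "none" (first configured binding wins) instead of failing
                // with a NullPointerException.
                if (priority == null || priority.contains("none")) {
                    if (lohttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (lopostLocation != null) {
                        priority = httpPostBinding;
                    } else if (losoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                // The list is rebuilt from scratch; the preferred binding is written first.
                List logList = spssoDescriptor.getSingleLogoutService();
                logList.clear();
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapLogout(losoapLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
                }
            }
            // save for Manage Name ID Service
            if (spStdValues.containsKey(SP_MANAGE_NAMEID_HTTP_LOCATION)) {
                String mnihttpLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_LOCATION);
                String mnihttpRespLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_RESP_LOCATION);
                String mnipostLocation = getResult(spStdValues, SP_MNI_POST_LOC);
                String mnipostRespLocation = getResult(spStdValues, SP_MNI_POST_RESPLOC);
                String mnisoapLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_LOCATION);
                String mnisoapResLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_RESP_LOCATION);
                String priority = getResult(spStdValues, SP_MNI_DEFAULT);
                // Same null handling as for the logout default above.
                if (priority == null || priority.contains("none")) {
                    if (mnihttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (mnipostLocation != null) {
                        priority = httpPostBinding;
                    } else if (mnisoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List manageNameIdList = spssoDescriptor.getManageNameIDService();
                manageNameIdList.clear();
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                }
            }
            // save for artifact, post and paos Assertion Consumer Service
            if (assertionConsumer != null && !assertionConsumer.isEmpty()) {
                // Copy first: if the caller passed back the descriptor's own list, clearing it
                // would also empty the input and the stored list would end up empty.
                List incoming = new java.util.ArrayList(assertionConsumer);
                List asconsServiceList = spssoDescriptor.getAssertionConsumerService();
                asconsServiceList.clear();
                asconsServiceList.addAll(incoming);
            }
            // save nameid format
            if (spStdValues.containsKey(NAMEID_FORMAT)) {
                saveNameIdFormat(spssoDescriptor, spStdValues);
            }
            // Security-relevant: the next two flags are published in the SP metadata and state
            // whether this SP signs its authentication requests and whether it asks identity
            // providers to sign the assertions they issue.
            // save AuthnRequestsSigned
            if (spStdValues.containsKey(IS_AUTHN_REQ_SIGNED)) {
                boolean authnValue = setToBoolean(spStdValues, IS_AUTHN_REQ_SIGNED);
                spssoDescriptor.setAuthnRequestsSigned(authnValue);
            }
            // save WantAssertionsSigned
            if (spStdValues.containsKey(WANT_ASSERTIONS_SIGNED)) {
                boolean assertValue = setToBoolean(spStdValues, WANT_ASSERTIONS_SIGNED);
                spssoDescriptor.setWantAssertionsSigned(assertValue);
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        // NOTE(review): this success event is also written when spssoDescriptor was null and
        // nothing was stored - confirm that this is the intended audit record.
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.error("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        // Report the failure like the SAML2MetaException branch does; returning normally here
        // would tell the caller the settings were saved although setEntityDescriptor never ran.
        throw new AMConsoleException(strError);
    }
}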
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) JAXBException(javax.xml.bind.JAXBException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 47 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method getAssertionConsumerServices.

/**
 * Looks up the Assertion Consumer Service entries of a Service Provider.
 *
 * <p>The list is returned exactly as the SP SSO descriptor hands it out; no
 * copy is made here.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @return the descriptor's Assertion Consumer Service list, or {@code null}
 *     when no SP SSO descriptor is found for the realm and entity.
 * @throws AMConsoleException if the metadata lookup for the given realm and
 *     entityName fails.
 */
public List getAssertionConsumerServices(String realm, String entityName) throws AMConsoleException {
    try {
        SPSSODescriptorElement descriptor = getSAML2MetaManager().getSPSSODescriptor(realm, entityName);
        // No descriptor means there is nothing to report; callers receive null in that case.
        return (descriptor == null) ? null : descriptor.getAssertionConsumerService();
    } catch (SAML2MetaException e) {
        if (debug.warningEnabled()) {
            debug.warning("SAMLv2ModelImpl.getAssertionConsumerService", e);
        }
        throw new AMConsoleException(getErrorString(e));
    }
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 48 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAML2TokenGenerationImpl method encryptAttributeStatement.

/**
 * Replaces the plain attributes of the assertion's attribute statements with
 * their encrypted form.
 *
 * <p>Each attribute is encrypted for the public key of the SP certificate
 * stored under the configured encryption key alias, using the configured
 * algorithm and strength. A statement that has been processed keeps only its
 * encrypted attributes: its plain attribute list is replaced by an empty one.
 * The method fails closed: a {@code null} encryption result aborts token
 * creation instead of leaving a plain attribute in place.
 *
 * @param assertion the assertion whose attribute statements are rewritten.
 * @param saml2Config supplies key alias, algorithm, strength and SP entity id.
 * @param stsInstanceState gives access to the crypto provider.
 * @throws TokenCreationException if encryption returns {@code null} or a
 *     {@code SAML2Exception} is raised while encrypting.
 */
@SuppressWarnings("unchecked")
private void encryptAttributeStatement(Assertion assertion, SAML2Config saml2Config, STSInstanceState stsInstanceState) throws TokenCreationException {
    // NOTE(review): a missing certificate for the alias would surface on this line as a
    // NullPointerException if getSPX509Certificate can return null - confirm its contract.
    final PublicKey recipientKey = stsInstanceState.getSAML2CryptoProvider().getSPX509Certificate(saml2Config.getEncryptionKeyAlias()).getPublicKey();
    final String algorithm = saml2Config.getEncryptionAlgorithm();
    final int keyStrength = saml2Config.getEncryptionAlgorithmStrength();
    final String recipientEntityId = saml2Config.getSpEntityId();
    try {
        List<AttributeStatement> statements = assertion.getAttributeStatements();
        if (statements == null || statements.isEmpty()) {
            return;
        }
        List<AttributeStatement> rewritten = new ArrayList<>(statements.size());
        for (AttributeStatement current : statements) {
            List<Attribute> plainAttributes = current.getAttribute();
            // Statements without plain attributes are not processed and are not carried over
            // into the list that is written back to the assertion.
            if (plainAttributes != null && !plainAttributes.isEmpty()) {
                List<EncryptedAttribute> cipherAttributes = new ArrayList<>(plainAttributes.size());
                for (Attribute plainAttribute : plainAttributes) {
                    EncryptedAttribute cipherAttribute = plainAttribute.encrypt(recipientKey, algorithm, keyStrength, recipientEntityId);
                    if (cipherAttribute == null) {
                        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "In SAML2TokenGenerationImpl, " + "attribute encryption invocation returned null.");
                    }
                    cipherAttributes.add(cipherAttribute);
                }
                current.setEncryptedAttribute(cipherAttributes);
                // Drop the clear-text attributes so only the encrypted ones remain.
                current.setAttribute(Collections.EMPTY_LIST);
                rewritten.add(current);
            }
        }
        assertion.setAttributeStatements(rewritten);
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "In SAML2TokenGenerationImpl, exception " + "caught encrypting assertion attributes: " + e, e);
    }
}
Also used : EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Attribute(com.sun.identity.saml2.assertion.Attribute) EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) PublicKey(java.security.PublicKey) AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement) ArrayList(java.util.ArrayList) TokenCreationException(org.forgerock.openam.sts.TokenCreationException)

Example 49 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAML2TokenGenerationImpl method signAssertion.

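/**
 * Signs the assertion with the private key stored under the configured
 * signature key alias, passing the certificate under the same alias to the
 * signing call.
 *
 * @param assertion the assertion to sign.
 * @param instanceState supplies the crypto provider and the SAML2 configuration.
 * @throws TokenCreationException if the key password cannot be decoded, no
 *     private key is obtained, or signing fails.
 */
private void signAssertion(Assertion assertion, STSInstanceState instanceState) throws TokenCreationException {
    final SAML2CryptoProvider saml2CryptoProvider = instanceState.getSAML2CryptoProvider();
    final SAML2Config saml2Config = instanceState.getConfig().getSaml2Config();
    // getIDPPrivateKey takes the password as a String, so the configured bytes are turned into
    // an immutable String here that cannot be wiped after use. Keep it out of logs and messages.
    final String signatureKeyPassword;
    try {
        signatureKeyPassword = new String(saml2Config.getSignatureKeyPassword(), AMSTSConstants.UTF_8_CHARSET_ID);
    } catch (UnsupportedEncodingException e) {
        // Keep the cause, as the signing failure below does; the message never contains the password.
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Could not obtain string representation of signature key password in SAML2TokenGenerationImpl: " + e, e);
    }
    /*
        Note: the cert alias and private-key alias are the same. If there is a key entry in the keystore, it seems like
        they are represented by the same alias.
         */
    final String signatureKeyAlias = saml2Config.getSignatureKeyAlias();
    PrivateKey privateKey = saml2CryptoProvider.getIDPPrivateKey(signatureKeyAlias, signatureKeyPassword);
    if (privateKey == null) {
        // Fail closed: without a key no valid signature can be produced, so do not hand a
        // null key to the signing call. (Whether getIDPPrivateKey can return null is not
        // visible here; the check is harmless if it cannot.)
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "No private key obtained for the configured signature key alias in SAML2TokenGenerationImpl.");
    }
    try {
        assertion.sign(privateKey, saml2CryptoProvider.getIDPX509Certificate(signatureKeyAlias));
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught signing assertion in SAML2TokenGenerationImpl: " + e, e);
    }
}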
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2Config(org.forgerock.openam.sts.config.user.SAML2Config) SAML2CryptoProvider(org.forgerock.openam.sts.tokengeneration.saml2.xmlsig.SAML2CryptoProvider) PrivateKey(java.security.PrivateKey) UnsupportedEncodingException(java.io.UnsupportedEncodingException) TokenCreationException(org.forgerock.openam.sts.TokenCreationException)

Example 50 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class XACMLAuthzDecisionQueryHandler method createSamlpResponse.

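/**
 * Builds a SAML 2.0 protocol response that wraps the given XACML
 * authorization decision statement in a single assertion.
 *
 * <p>The response and the assertion each get their own freshly generated
 * identifier. Neither the response nor the assertion is signed here.
 *
 * @param statement the decision statement to embed, serialized via
 *     {@code toXMLString(true, true)}.
 * @param statusCodeValue the value placed in the response status code.
 * @return the populated response holding one assertion.
 * @throws XACMLException if the statement cannot be serialized.
 * @throws SAML2Exception if a response or assertion field cannot be set.
 */
private com.sun.identity.saml2.protocol.Response createSamlpResponse(XACMLAuthzDecisionStatement statement, String statusCodeValue) throws XACMLException, SAML2Exception {
    com.sun.identity.saml2.protocol.Response samlpResponse = ProtocolFactory.getInstance().createResponse();
    // Identifiers must be unique: a constant value shared by every response, and by the response
    // and its assertion in the same document, makes messages indistinguishable for replay
    // checks and ID-based references. The leading underscore keeps the value a valid XML ID.
    samlpResponse.setID("_" + java.util.UUID.randomUUID());
    samlpResponse.setVersion("2.0");
    samlpResponse.setIssueInstant(new Date());
    com.sun.identity.saml2.protocol.StatusCode samlStatusCode = ProtocolFactory.getInstance().createStatusCode();
    samlStatusCode.setValue(statusCodeValue);
    com.sun.identity.saml2.protocol.Status samlStatus = ProtocolFactory.getInstance().createStatus();
    samlStatus.setStatusCode(samlStatusCode);
    samlpResponse.setStatus(samlStatus);
    Assertion assertion = AssertionFactory.getInstance().createAssertion();
    assertion.setVersion("2.0");
    assertion.setID("_" + java.util.UUID.randomUUID());
    assertion.setIssueInstant(new Date());
    Issuer issuer = AssertionFactory.getInstance().createIssuer();
    // NOTE(review): the issuer is a fixed placeholder, not the entity id of this decision
    // point, so a receiver cannot use it to tell who issued the decision - confirm and replace.
    issuer.setValue("issuer-1");
    assertion.setIssuer(issuer);
    // The decision statement is carried as its XML string form.
    List statements = new ArrayList();
    statements.add(statement.toXMLString(true, true));
    assertion.setStatements(statements);
    List assertions = new ArrayList();
    assertions.add(assertion);
    samlpResponse.setAssertion(assertions);
    return samlpResponse;
}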
Also used : Issuer(com.sun.identity.saml2.assertion.Issuer) Assertion(com.sun.identity.saml2.assertion.Assertion) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) Date(java.util.Date)
