Search in sources :

Example 61 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAML2IDPProxyFRImpl method selectIDPBasedOnLOA.

private String selectIDPBasedOnLOA(List<String> idpList, String realm, AuthnRequest authnRequest) {
    String classMethod = "selectIdPBasedOnLOA";
    EntityDescriptorElement idpDesc = null;
    Set authnRequestContextSet = null;
    String idps = "";
    try {
        RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            //In this case we just simply return all the IdPs as each one should support a default AuthnContext.
            return StringUtils.join(idpList, " ");
        }
        List listOfAuthnContexts = requestedAuthnContext.getAuthnContextClassRef();
        debugMessage(classMethod, "listofAuthnContexts: " + listOfAuthnContexts);
        try {
            authnRequestContextSet = new HashSet(listOfAuthnContexts);
        } catch (Exception ex1) {
            authnRequestContextSet = new HashSet();
        }
        if ((idpList != null) && (!idpList.isEmpty())) {
            Iterator idpI = idpList.iterator();
            while (idpI.hasNext()) {
                String idp = (String) idpI.next();
                debugMessage(classMethod, "IDP is: " + idp);
                idpDesc = SAML2Utils.getSAML2MetaManager().getEntityDescriptor(realm, idp);
                if (idpDesc != null) {
                    ExtensionsType et = idpDesc.getExtensions();
                    if (et != null) {
                        debugMessage(classMethod, "Extensions found for idp: " + idp);
                        List idpExtensions = et.getAny();
                        if (idpExtensions != null || !idpExtensions.isEmpty()) {
                            debugMessage(classMethod, "Extensions content found for idp: " + idp);
                            Iterator idpExtensionsI = idpExtensions.iterator();
                            while (idpExtensionsI.hasNext()) {
                                EntityAttributesElement eael = (EntityAttributesElement) idpExtensionsI.next();
                                if (eael != null) {
                                    debugMessage(classMethod, "Entity Attributes found for idp: " + idp);
                                    List attribL = eael.getAttributeOrAssertion();
                                    if (attribL != null || !attribL.isEmpty()) {
                                        Iterator attrI = attribL.iterator();
                                        while (attrI.hasNext()) {
                                            AttributeElement ae = (AttributeElement) attrI.next();
                                            // TODO: Verify what type of element this is (Attribute or assertion)
                                            // For validation purposes
                                            List av = ae.getAttributeValue();
                                            if (av != null || !av.isEmpty()) {
                                                debugMessage(classMethod, "Attribute Values found for idp: " + idp);
                                                Iterator avI = av.iterator();
                                                while (avI.hasNext()) {
                                                    AttributeValueElement ave = (AttributeValueElement) avI.next();
                                                    if (ave != null) {
                                                        List contentL = ave.getContent();
                                                        debugMessage(classMethod, "Attribute Value Elements found for idp: " + idp + "-->" + contentL);
                                                        if (contentL != null || !contentL.isEmpty()) {
                                                            Set idpContextSet = trimmedListToSet(contentL);
                                                            debugMessage(classMethod, "idpContextSet = " + idpContextSet);
                                                            idpContextSet.retainAll(authnRequestContextSet);
                                                            if (idpContextSet != null && !idpContextSet.isEmpty()) {
                                                                idps = idp + " " + idps;
                                                                debugMessage(classMethod, "Extension Values found for idp " + idp + ": " + idpContextSet);
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    } else {
                        debugMessage(classMethod, " No extensions found for IdP " + idp);
                    }
                } else {
                    debugMessage(classMethod, "Configuration for the idp " + idp + " was not found in this system");
                }
            }
        }
    } catch (SAML2MetaException me) {
        debugMessage(classMethod, "SOmething went wrong: " + me);
    }
    debugMessage(classMethod, " IDPList returns: " + idps);
    return idps.trim();
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) EntityAttributesElement(com.sun.identity.saml2.jaxb.metadataattr.EntityAttributesElement) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) COTException(com.sun.identity.cot.COTException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext) ExtensionsType(com.sun.identity.saml2.jaxb.metadata.ExtensionsType) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) AttributeValueElement(com.sun.identity.saml2.jaxb.assertion.AttributeValueElement) AttributeElement(com.sun.identity.saml2.jaxb.assertion.AttributeElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) HashSet(java.util.HashSet)

Example 62 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class IDPSSOUtil method getACSurlFromMetaByBinding.

/**
     * Returns the assertion consumer service <code>URL</code> from
     * meta data by binding
     *
     * @param spEntityID      the entity id of the service provider
     * @param realm           the realm name of the identity provider
     * @param desiredBinding  the desired binding
     * @param returnedBinding the binding used to send back
     *                        <code>Response</code>
     * @return the assertion consumer service <code>URL</code>
     * @throws SAML2Exception if the operation is not successful
     */
public static String getACSurlFromMetaByBinding(String spEntityID, String realm, String desiredBinding, StringBuffer returnedBinding) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.getACSurlFromMetaByBinding: ";
    SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor(realm, spEntityID, classMethod);
    List acsList = spSSODescriptorElement.getAssertionConsumerService();
    String acsURL = null;
    String binding = null;
    String defaultAcsURL = null;
    String defaultBinding = null;
    String firstAcsURL = null;
    String firstBinding = null;
    AssertionConsumerServiceElement acs = null;
    for (int i = 0; i < acsList.size(); i++) {
        acs = (AssertionConsumerServiceElement) acsList.get(i);
        binding = acs.getBinding();
        if (binding.equals(desiredBinding)) {
            acsURL = acs.getLocation();
            break;
        }
        if (acs.isIsDefault()) {
            defaultAcsURL = acs.getLocation();
            defaultBinding = acs.getBinding();
        }
        if (i == 0) {
            firstAcsURL = acs.getLocation();
            firstBinding = acs.getBinding();
        }
    }
    if (acsURL == null || acsURL.length() == 0) {
        acsURL = defaultAcsURL;
        if (acsURL == null || acsURL.length() == 0) {
            acsURL = firstAcsURL;
            if (acsURL == null || acsURL.length() == 0) {
                acsURL = null;
                SAML2Utils.debug.error(classMethod + "Unable to get valid Assertion " + "Consumer Service URL");
                return null;
            }
            returnedBinding.append(firstBinding);
        } else {
            returnedBinding.append(defaultBinding);
        }
    } else {
        returnedBinding.append(binding);
    }
    return acsURL;
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) AssertionConsumerServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement) List(java.util.List) ArrayList(java.util.ArrayList)

Example 63 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class IDPSSOUtil method getDefaultACSurl.

/**
     * Returns the default assertion consumer service url and binding
     * from the metadata.
     *
     * @param spEntityID the entity id of the service provider
     * @param realm      the realm name of the identity provider
     * @return the assertion consumer service url with returned binding.
     * @throws SAML2Exception if the operation is not successful
     */
public static String getDefaultACSurl(String spEntityID, String realm, StringBuffer returnedBinding) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.getDefaultACSurl: ";
    SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor(realm, spEntityID, classMethod);
    List acsList = spSSODescriptorElement.getAssertionConsumerService();
    AssertionConsumerServiceElement acs = null;
    String acsURL = null;
    String binding = null;
    String firstAcsURL = null;
    String firstBinding = null;
    for (int i = 0; i < acsList.size(); i++) {
        acs = (AssertionConsumerServiceElement) acsList.get(i);
        if (acs.isIsDefault()) {
            acsURL = acs.getLocation();
            binding = acs.getBinding();
        }
        if (i == 0) {
            firstAcsURL = acs.getLocation();
            firstBinding = acs.getBinding();
        }
    }
    if (acsURL == null) {
        acsURL = firstAcsURL;
        binding = firstBinding;
    }
    if (binding != null) {
        returnedBinding.append(binding);
    }
    return acsURL;
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) AssertionConsumerServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement) List(java.util.List) ArrayList(java.util.ArrayList)

Example 64 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class IDPSSOUtil method extractAuthenticatingAuthorities.

private static List<String> extractAuthenticatingAuthorities(Assertion assertion) {
    final List<String> authenticatingAuthorities = new ArrayList<String>();
    final List<AuthnStatement> authnStatements = assertion.getAuthnStatements();
    if (authnStatements != null) {
        for (AuthnStatement authnStatement : authnStatements) {
            final List<String> authorities = authnStatement.getAuthnContext().getAuthenticatingAuthority();
            if (authorities != null) {
                authenticatingAuthorities.addAll(authorities);
            }
        }
    }
    return authenticatingAuthorities;
}
Also used : ArrayList(java.util.ArrayList) AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement)

Example 65 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class IDPSSOUtil method signAssertion.

/**
     * Signs an <code>Assertion</code>
     *
     * @param realm       the realm name of the identity provider
     * @param idpEntityID the entity id of the identity provider
     * @param assertion   The <code>Assertion</code> to be signed
     */
static void signAssertion(String realm, String idpEntityID, Assertion assertion) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.signAssertion: ";
    KeyProvider kp = KeyUtil.getKeyProviderInstance();
    if (kp == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
    }
    String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    if (idpSignCertAlias == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get the hosted IDP signing certificate alias.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    PrivateKey key;
    if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
        key = kp.getPrivateKey(idpSignCertAlias);
    } else {
        key = kp.getPrivateKey(idpSignCertAlias, encryptedKeyPass);
    }
    assertion.sign(key, kp.getX509Certificate(idpSignCertAlias));
}
Also used : KeyProvider(com.sun.identity.saml.xmlsig.KeyProvider) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) PrivateKey(java.security.PrivateKey)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)53 ArrayList (java.util.ArrayList)42 List (java.util.List)42 Assertion (com.sun.identity.saml2.assertion.Assertion)30 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)24 Date (java.util.Date)24 EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)20 Issuer (com.sun.identity.saml2.assertion.Issuer)16 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)16 Response (com.sun.identity.saml2.protocol.Response)16 Iterator (java.util.Iterator)15 HttpServletResponse (javax.servlet.http.HttpServletResponse)13 SessionException (com.sun.identity.plugin.session.SessionException)12 IOException (java.io.IOException)12 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)11 NameID (com.sun.identity.saml2.assertion.NameID)10 PrivateKey (java.security.PrivateKey)10 AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement)8 Subject (com.sun.identity.saml2.assertion.Subject)8 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)8