Example 61 with Assertion
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class SAML2IDPProxyFRImpl method selectIDPBasedOnLOA.
private String selectIDPBasedOnLOA(List<String> idpList, String realm, AuthnRequest authnRequest) {
String classMethod = "selectIdPBasedOnLOA";
EntityDescriptorElement idpDesc = null;
Set authnRequestContextSet = null;
String idps = "";
try {
RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
if (requestedAuthnContext == null) {
//In this case we just simply return all the IdPs as each one should support a default AuthnContext.
return StringUtils.join(idpList, " ");
}
List listOfAuthnContexts = requestedAuthnContext.getAuthnContextClassRef();
debugMessage(classMethod, "listofAuthnContexts: " + listOfAuthnContexts);
try {
authnRequestContextSet = new HashSet(listOfAuthnContexts);
} catch (Exception ex1) {
authnRequestContextSet = new HashSet();
}
if ((idpList != null) && (!idpList.isEmpty())) {
Iterator idpI = idpList.iterator();
while (idpI.hasNext()) {
String idp = (String) idpI.next();
debugMessage(classMethod, "IDP is: " + idp);
idpDesc = SAML2Utils.getSAML2MetaManager().getEntityDescriptor(realm, idp);
if (idpDesc != null) {
ExtensionsType et = idpDesc.getExtensions();
if (et != null) {
debugMessage(classMethod, "Extensions found for idp: " + idp);
List idpExtensions = et.getAny();
if (idpExtensions != null || !idpExtensions.isEmpty()) {
debugMessage(classMethod, "Extensions content found for idp: " + idp);
Iterator idpExtensionsI = idpExtensions.iterator();
while (idpExtensionsI.hasNext()) {
EntityAttributesElement eael = (EntityAttributesElement) idpExtensionsI.next();
if (eael != null) {
debugMessage(classMethod, "Entity Attributes found for idp: " + idp);
List attribL = eael.getAttributeOrAssertion();
if (attribL != null || !attribL.isEmpty()) {
Iterator attrI = attribL.iterator();
while (attrI.hasNext()) {
AttributeElement ae = (AttributeElement) attrI.next();
// TODO: Verify what type of element this is (Attribute or assertion)
// For validation purposes
List av = ae.getAttributeValue();
if (av != null || !av.isEmpty()) {
debugMessage(classMethod, "Attribute Values found for idp: " + idp);
Iterator avI = av.iterator();
while (avI.hasNext()) {
AttributeValueElement ave = (AttributeValueElement) avI.next();
if (ave != null) {
List contentL = ave.getContent();
debugMessage(classMethod, "Attribute Value Elements found for idp: " + idp + "-->" + contentL);
if (contentL != null || !contentL.isEmpty()) {
Set idpContextSet = trimmedListToSet(contentL);
debugMessage(classMethod, "idpContextSet = " + idpContextSet);
idpContextSet.retainAll(authnRequestContextSet);
if (idpContextSet != null && !idpContextSet.isEmpty()) {
idps = idp + " " + idps;
debugMessage(classMethod, "Extension Values found for idp " + idp + ": " + idpContextSet);
}
}
}
}
}
}
}
}
}
}
} else {
debugMessage(classMethod, " No extensions found for IdP " + idp);
}
} else {
debugMessage(classMethod, "Configuration for the idp " + idp + " was not found in this system");
}
}
}
} catch (SAML2MetaException me) {
debugMessage(classMethod, "SOmething went wrong: " + me);
}
debugMessage(classMethod, " IDPList returns: " + idps);
return idps.trim();
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
EntityAttributesElement(com.sun.identity.saml2.jaxb.metadataattr.EntityAttributesElement)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
COTException(com.sun.identity.cot.COTException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext)
ExtensionsType(com.sun.identity.saml2.jaxb.metadata.ExtensionsType)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
List(java.util.List)
AttributeValueElement(com.sun.identity.saml2.jaxb.assertion.AttributeValueElement)
AttributeElement(com.sun.identity.saml2.jaxb.assertion.AttributeElement)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
HashSet(java.util.HashSet)
Example 62 with Assertion
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class IDPSSOUtil method getACSurlFromMetaByBinding.
/**
* Returns the assertion consumer service <code>URL</code> from
* meta data by binding
*
* @param spEntityID the entity id of the service provider
* @param realm the realm name of the identity provider
* @param desiredBinding the desired binding
* @param returnedBinding the binding used to send back
* <code>Response</code>
* @return the assertion consumer service <code>URL</code>
* @throws SAML2Exception if the operation is not successful
*/
public static String getACSurlFromMetaByBinding(String spEntityID, String realm, String desiredBinding, StringBuffer returnedBinding) throws SAML2Exception {
String classMethod = "IDPSSOUtil.getACSurlFromMetaByBinding: ";
SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor(realm, spEntityID, classMethod);
List acsList = spSSODescriptorElement.getAssertionConsumerService();
String acsURL = null;
String binding = null;
String defaultAcsURL = null;
String defaultBinding = null;
String firstAcsURL = null;
String firstBinding = null;
AssertionConsumerServiceElement acs = null;
for (int i = 0; i < acsList.size(); i++) {
acs = (AssertionConsumerServiceElement) acsList.get(i);
binding = acs.getBinding();
if (binding.equals(desiredBinding)) {
acsURL = acs.getLocation();
break;
}
if (acs.isIsDefault()) {
defaultAcsURL = acs.getLocation();
defaultBinding = acs.getBinding();
}
if (i == 0) {
firstAcsURL = acs.getLocation();
firstBinding = acs.getBinding();
}
}
if (acsURL == null || acsURL.length() == 0) {
acsURL = defaultAcsURL;
if (acsURL == null || acsURL.length() == 0) {
acsURL = firstAcsURL;
if (acsURL == null || acsURL.length() == 0) {
acsURL = null;
SAML2Utils.debug.error(classMethod + "Unable to get valid Assertion " + "Consumer Service URL");
return null;
}
returnedBinding.append(firstBinding);
} else {
returnedBinding.append(defaultBinding);
}
} else {
returnedBinding.append(binding);
}
return acsURL;
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
AssertionConsumerServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
Example 63 with Assertion
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class IDPSSOUtil method getDefaultACSurl.
/**
* Returns the default assertion consumer service url and binding
* from the metadata.
*
* @param spEntityID the entity id of the service provider
* @param realm the realm name of the identity provider
* @return the assertion consumer service url with returned binding.
* @throws SAML2Exception if the operation is not successful
*/
public static String getDefaultACSurl(String spEntityID, String realm, StringBuffer returnedBinding) throws SAML2Exception {
String classMethod = "IDPSSOUtil.getDefaultACSurl: ";
SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor(realm, spEntityID, classMethod);
List acsList = spSSODescriptorElement.getAssertionConsumerService();
AssertionConsumerServiceElement acs = null;
String acsURL = null;
String binding = null;
String firstAcsURL = null;
String firstBinding = null;
for (int i = 0; i < acsList.size(); i++) {
acs = (AssertionConsumerServiceElement) acsList.get(i);
if (acs.isIsDefault()) {
acsURL = acs.getLocation();
binding = acs.getBinding();
}
if (i == 0) {
firstAcsURL = acs.getLocation();
firstBinding = acs.getBinding();
}
}
if (acsURL == null) {
acsURL = firstAcsURL;
binding = firstBinding;
}
if (binding != null) {
returnedBinding.append(binding);
}
return acsURL;
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
AssertionConsumerServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
Example 64 with Assertion
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class IDPSSOUtil method extractAuthenticatingAuthorities.
private static List<String> extractAuthenticatingAuthorities(Assertion assertion) {
final List<String> authenticatingAuthorities = new ArrayList<String>();
final List<AuthnStatement> authnStatements = assertion.getAuthnStatements();
if (authnStatements != null) {
for (AuthnStatement authnStatement : authnStatements) {
final List<String> authorities = authnStatement.getAuthnContext().getAuthenticatingAuthority();
if (authorities != null) {
authenticatingAuthorities.addAll(authorities);
}
}
}
return authenticatingAuthorities;
}
Also used :
ArrayList(java.util.ArrayList)
AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement)
Example 65 with Assertion
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class IDPSSOUtil method signAssertion.
/**
* Signs an <code>Assertion</code>
*
* @param realm the realm name of the identity provider
* @param idpEntityID the entity id of the identity provider
* @param assertion The <code>Assertion</code> to be signed
*/
static void signAssertion(String realm, String idpEntityID, Assertion assertion) throws SAML2Exception {
String classMethod = "IDPSSOUtil.signAssertion: ";
KeyProvider kp = KeyUtil.getKeyProviderInstance();
if (kp == null) {
SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
}
String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
if (idpSignCertAlias == null) {
SAML2Utils.debug.error(classMethod + "Unable to get the hosted IDP signing certificate alias.");
throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
}
String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, idpEntityID, SAML2Constants.IDP_ROLE);
PrivateKey key;
if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
key = kp.getPrivateKey(idpSignCertAlias);
} else {
key = kp.getPrivateKey(idpSignCertAlias, encryptedKeyPass);
}
assertion.sign(key, kp.getX509Certificate(idpSignCertAlias));
}
Also used :
KeyProvider(com.sun.identity.saml.xmlsig.KeyProvider)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
PrivateKey(java.security.PrivateKey)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)53
ArrayList (java.util.ArrayList)42
List (java.util.List)42
Assertion (com.sun.identity.saml2.assertion.Assertion)30
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)24
Date (java.util.Date)24
EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)20
Issuer (com.sun.identity.saml2.assertion.Issuer)16
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)16
Response (com.sun.identity.saml2.protocol.Response)16
Iterator (java.util.Iterator)15
HttpServletResponse (javax.servlet.http.HttpServletResponse)13
SessionException (com.sun.identity.plugin.session.SessionException)12
IOException (java.io.IOException)12
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)11
NameID (com.sun.identity.saml2.assertion.NameID)10
PrivateKey (java.security.PrivateKey)10
AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement)8
Subject (com.sun.identity.saml2.assertion.Subject)8
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)8
