use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class SAML2TokenGenerationImpl method setVersionAndId.
/**
 * Stamps the assertion with SAML version {@code 2.0} and a freshly generated identifier.
 *
 * @param assertion the assertion to mutate in place.
 * @throws TokenCreationException wrapping any {@link SAML2Exception} raised while setting the
 *         version or the ID, reported as {@code ResourceException.INTERNAL_ERROR}.
 */
private void setVersionAndId(Assertion assertion) throws TokenCreationException {
    final String samlVersion = "2.0";
    try {
        assertion.setVersion(samlVersion);
        // A new ID per assertion; the generator is the SDK's own, so the format is whatever it emits.
        assertion.setID(SAML2SDKUtils.generateID());
    } catch (SAML2Exception e) {
        String detail = "Exception caught setting version and/or id in SAML2TokenGenerationImpl: " + e;
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, detail, e);
    }
}
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class SPACSUtils method getSAMLAttributes.
/**
 * Collects the attributes carried by every {@code AttributeStatement} of an assertion.
 * Plain attributes are copied as-is; {@code EncryptedAttribute} entries are decrypted with
 * the supplied private keys.
 *
 * <p>{@code null} is returned in four situations that the caller cannot tell apart:
 * the assertion is {@code null}, it has no attribute statements, encryption is required but a
 * statement carries at least one plain attribute, or decrypting an encrypted attribute fails.
 * Note that a statement whose plain-attribute list is present but empty does not trip the
 * encryption check.
 *
 * @param assertion the assertion whose attribute statements are read; may be {@code null}.
 * @param needAttributeEncrypted when {@code true}, any non-empty plain attribute list is rejected.
 * @param privateKeys private keys handed to {@code EncryptedAttribute.decrypt}.
 * @return the collected attributes, or {@code null} as described above.
 */
public static List<Attribute> getSAMLAttributes(Assertion assertion, boolean needAttributeEncrypted, Set<PrivateKey> privateKeys) {
    if (assertion == null) {
        return null;
    }
    List<AttributeStatement> statements = assertion.getAttributeStatements();
    if (!CollectionUtils.isNotEmpty(statements)) {
        return null;
    }
    // Stays null until the first statement that actually contributes a list (even an empty one).
    List<Attribute> collected = null;
    for (AttributeStatement statement : statements) {
        List<Attribute> plainAttributes = statement.getAttribute();
        boolean hasPlain = plainAttributes != null && !plainAttributes.isEmpty();
        if (needAttributeEncrypted && hasPlain) {
            SAML2Utils.debug.error("Attribute not encrypted.");
            return null;
        }
        if (plainAttributes != null) {
            if (collected == null) {
                collected = new ArrayList<>();
            }
            collected.addAll(plainAttributes);
        }
        List<EncryptedAttribute> encryptedAttributes = statement.getEncryptedAttribute();
        if (encryptedAttributes == null) {
            continue;
        }
        for (EncryptedAttribute encrypted : encryptedAttributes) {
            if (collected == null) {
                collected = new ArrayList<>();
            }
            Attribute decrypted;
            try {
                decrypted = encrypted.decrypt(privateKeys);
            } catch (SAML2Exception se) {
                // A single undecryptable attribute discards everything gathered so far.
                SAML2Utils.debug.error("Decryption error:", se);
                return null;
            }
            collected.add(decrypted);
        }
    }
    return collected;
}
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class SPACSUtils method setDiscoBootstrapCredsInSSOToken.
/**
 * Copies the Discovery bootstrap credentials found in the assertion's {@code Advice}
 * additional-info list into the session under
 * {@code SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS}.
 * Nothing is written when the assertion, its advice, or the additional-info list is
 * absent or empty.
 *
 * @param sessionProvider session provider used to write the property.
 * @param assertion the assertion whose advice is read; may be {@code null}.
 * @param session the valid session object the property is attached to.
 * @throws SessionException if the session property cannot be set.
 */
private static void setDiscoBootstrapCredsInSSOToken(SessionProvider sessionProvider, Assertion assertion, Object session) throws SessionException {
    if (assertion == null) {
        return;
    }
    Advice advice = assertion.getAdvice();
    if (advice == null) {
        return;
    }
    List<?> additionalInfo = advice.getAdditionalInfo();
    if (additionalInfo == null || additionalInfo.isEmpty()) {
        return;
    }
    // Deduplicated through a HashSet, so the order of the resulting array is not the list order.
    Set<Object> bootstrapCreds = new HashSet<>();
    bootstrapCreds.addAll(additionalInfo);
    // The property is stored as String[]; a non-String entry would surface here as an ArrayStoreException.
    String[] credentials = bootstrapCreds.toArray(new String[bootstrapCreds.size()]);
    sessionProvider.setProperty(session, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS, credentials);
}
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class SPACSUtils method processResponseForFedlet.
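/**
 * Processes response from Identity Provider to Fedlet (SP).
 * This will do all required protocol processing, including signature,
 * issuer and audience validation etc. A map containing processing
 * result will be returned. <br>
 * Here is a list of keys and values for the returned map: <br>
 * SAML2Constants.ATTRIBUTE_MAP -- Attribute map containing all attributes
 * passed down from IDP inside the
 * Assertion. The value is a
 * <code>java.util.Map</code> whose keys
 * are attribute names and values are
 * <code>java.util.Set</code> of string
 * values for the attributes. <br>
 * SAML2Constants.RELAY_STATE -- Relay state, value is a string <br>
 * SAML2Constants.IDPENTITYID -- IDP entity ID, value is a string<br>
 * SAML2Constants.RESPONSE -- Response object, value is an instance of
 * com.sun.identity.saml2.protocol.Response
 * SAML2Constants.ASSERTION -- Assertion object, value is an instance of
 * com.sun.identity.saml2.assertion.Assertion
 * SAML2Constants.SUBJECT -- Subject object, value is an instance of
 * com.sun.identity.saml2.assertion.Subject
 * SAML2Constants.NAMEID -- NameID object, value is an instance of
 * com.sun.identity.saml2.assertion.NameID
 *
 * <p>The hosted SP is identified by its meta alias, resolved in this order: from the
 * request URL, from the {@code SAML2MetaManager.NAME_META_ALIAS_IN_URI} request parameter,
 * and finally the first hosted SP meta alias of the root organization.
 *
 * @param request HTTP Servlet request
 * @param response HTTP Servlet response.
 * @param out the print writer for writing out presentation
 *
 * @return <code>Map</code> which holds result of the processing.
 * @throws SAML2Exception if the processing failed due to server error.
 * @throws IOException if the processing failed due to IO error.
 * @throws SessionException if the processing failed due to session error.
 * @throws ServletException if the processing failed due to request error.
 *
 * @supported.api
 */
public static Map processResponseForFedlet(HttpServletRequest request, HttpServletResponse response, PrintWriter out) throws SAML2Exception, IOException, SessionException, ServletException {
    if ((request == null) || (response == null)) {
        throw new ServletException(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    String requestURL = request.getRequestURL().toString();
    // The constructor either yields an instance or throws; a null check after it is dead code.
    SAML2MetaManager metaManager = new SAML2MetaManager();
    String metaAlias = resolveFedletMetaAlias(request, requestURL, metaManager);
    String hostEntityId = resolveHostEntityId(metaManager, metaAlias);
    // organization is always root org
    String orgName = "/";
    // Caller-supplied input; SPACSUtils.getRelayState below is relied upon to vet it before it
    // is used as a redirect target (its checks are not visible here).
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    SessionProvider sessionProvider;
    try {
        sessionProvider = SessionManager.getProvider();
    } catch (SessionException se) {
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", se);
        throw new SAML2Exception(se);
    }
    ResponseInfo respInfo = SPACSUtils.getResponse(request, response, orgName, hostEntityId, metaManager);
    // Throws a SAML2Exception if the response cannot be validated
    // or contains a non-Success StatusCode, invoking the SPAdapter SPI
    // for taking action on the failed validation.
    // The resulting exception has its redirectionDone flag set if
    // the SPAdapter issued a HTTP redirect.
    Object newSession = SPACSUtils.processResponse(request, response, out, metaAlias, null, respInfo, orgName, hostEntityId, metaManager, null);
    SAML2SDKUtils.debug.message("SSO SUCCESS");
    String[] redirected = sessionProvider.getProperty(newSession, SAML2Constants.RESPONSE_REDIRECTED);
    // Constant-first equals: a null first element must not blow up the successful SSO.
    if (redirected != null && redirected.length != 0 && "true".equals(redirected[0])) {
        SAML2SDKUtils.debug.message("Already redirected in SPAdapter.");
        // response redirected already in SPAdapter
        return createMapForFedlet(respInfo, null, hostEntityId);
    }
    // redirect to relay state
    String finalUrl = SPACSUtils.getRelayState(relayState, orgName, hostEntityId, metaManager);
    String realFinalUrl = finalUrl;
    if (finalUrl != null && !finalUrl.isEmpty()) {
        try {
            realFinalUrl = sessionProvider.rewriteURL(newSession, finalUrl);
        } catch (SessionException se) {
            // Rewriting is best-effort: fall back to the un-rewritten relay state.
            SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet", se);
            realFinalUrl = finalUrl;
        }
    }
    String intermediateUrl = SPACSUtils.getIntermediateURL(orgName, hostEntityId, metaManager);
    String realRedirectUrl = buildFedletRedirectUrl(sessionProvider, newSession, intermediateUrl, realFinalUrl, finalUrl);
    return createMapForFedlet(respInfo, realRedirectUrl, hostEntityId);
}

/**
 * Resolves the hosted SP meta alias for a Fedlet ACS request.
 * Tried in order: the request URL, the {@code NAME_META_ALIAS_IN_URI} request parameter,
 * then the first hosted SP meta alias under the root organization.
 *
 * @param request the ACS request.
 * @param requestURL the request URL already rendered as a string.
 * @param metaManager metadata manager used for the last-resort lookup.
 * @return a non-empty meta alias.
 * @throws SAML2Exception if the hosted SP lookup fails.
 * @throws ServletException if no meta alias can be determined.
 */
private static String resolveFedletMetaAlias(HttpServletRequest request, String requestURL, SAML2MetaManager metaManager) throws SAML2Exception, ServletException {
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    if (metaAlias != null && !metaAlias.isEmpty()) {
        return metaAlias;
    }
    // Check in case metaAlias has been supplied as a parameter
    metaAlias = request.getParameter(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
    if (metaAlias != null && !metaAlias.isEmpty()) {
        return metaAlias;
    }
    // pick the first available one
    List<?> spMetaAliases = metaManager.getAllHostedServiceProviderMetaAliases("/");
    if (spMetaAliases != null && !spMetaAliases.isEmpty()) {
        metaAlias = (String) spMetaAliases.get(0);
    }
    if (metaAlias == null || metaAlias.isEmpty()) {
        throw new ServletException(SAML2SDKUtils.bundle.getString("nullSPEntityID"));
    }
    return metaAlias;
}

/**
 * Looks up the hosted entity ID for a meta alias.
 * A metadata failure or a missing entity is logged and reported as a generic
 * {@code metaDataError} SAML2Exception, so no metadata detail reaches the caller.
 *
 * @param metaManager metadata manager.
 * @param metaAlias hosted SP meta alias.
 * @return the non-null hosted entity ID.
 * @throws SAML2Exception if the lookup fails or yields no entity.
 */
private static String resolveHostEntityId(SAML2MetaManager metaManager, String metaAlias) throws SAML2Exception {
    String hostEntityId;
    try {
        hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (SAML2MetaException sme) {
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", sme);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
    }
    if (hostEntityId == null) {
        // Previously a silent failure; the alias is configuration, not a secret, so it is safe to log.
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet: no hosted entity for meta alias " + metaAlias);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
    }
    return hostEntityId;
}

/**
 * Chooses the URL the Fedlet should send the browser to after a successful SSO.
 * With no intermediate URL the relay state is used directly; otherwise the (session-rewritten)
 * relay state is appended to the intermediate URL as a {@code goto} parameter and the whole
 * URL is rewritten for the session, falling back to the un-rewritten form on failure.
 *
 * @param sessionProvider session provider used for URL rewriting.
 * @param session the newly created session.
 * @param intermediateUrl the configured intermediate URL, possibly {@code null} or empty.
 * @param realFinalUrl the session-rewritten relay state, possibly {@code null} or empty.
 * @param finalUrl the relay state before rewriting.
 * @return the redirect target, or {@code null} when neither URL is available.
 */
private static String buildFedletRedirectUrl(SessionProvider sessionProvider, Object session, String intermediateUrl, String realFinalUrl, String finalUrl) {
    if (intermediateUrl == null || intermediateUrl.isEmpty()) {
        // NOTE(review): the un-rewritten finalUrl is returned here rather than realFinalUrl — confirm
        // whether dropping the session rewrite in this branch is intended.
        return finalUrl;
    }
    if (realFinalUrl == null || realFinalUrl.isEmpty()) {
        return intermediateUrl;
    }
    String separator = intermediateUrl.indexOf('?') != -1 ? "&goto=" : "?goto=";
    // The relay state is URL-encoded so it survives as a single query parameter value.
    String redirectUrl = intermediateUrl + separator + URLEncDec.encode(realFinalUrl);
    try {
        return sessionProvider.rewriteURL(session, redirectUrl);
    } catch (SessionException se) {
        SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet: rewriting failed.", se);
        return redirectUrl;
    }
}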
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class SPACSUtils method createMapForFedlet.
/**
 * Packs the outcome of a successful Fedlet ACS processing into the result map returned by
 * {@code processResponseForFedlet}.
 * Keys: {@code RELAY_STATE} (only when {@code relayUrl} is non-null), {@code RESPONSE},
 * {@code ASSERTION}, {@code SUBJECT}, {@code IDPENTITYID}, {@code SPENTITYID}, {@code NAMEID},
 * {@code ATTRIBUTE_MAP} and {@code SESSION_INDEX}.
 *
 * @param respInfo processed response; its assertion and that assertion's issuer must be
 *        non-null, since both are dereferenced here.
 * @param relayUrl the redirect target, or {@code null} to leave {@code RELAY_STATE} unset.
 * @param hostedEntityId the hosted SP entity ID.
 * @return a mutable map keyed by {@code SAML2Constants} names.
 */
private static Map createMapForFedlet(ResponseInfo respInfo, String relayUrl, String hostedEntityId) {
    Assertion assertion = respInfo.getAssertion();
    Map<String, Object> result = new HashMap<>();
    if (relayUrl != null) {
        result.put(SAML2Constants.RELAY_STATE, relayUrl);
    }
    result.put(SAML2Constants.RESPONSE, respInfo.getResponse());
    result.put(SAML2Constants.ASSERTION, assertion);
    result.put(SAML2Constants.SUBJECT, assertion.getSubject());
    result.put(SAML2Constants.IDPENTITYID, assertion.getIssuer().getValue());
    result.put(SAML2Constants.SPENTITYID, hostedEntityId);
    result.put(SAML2Constants.NAMEID, respInfo.getNameId());
    result.put(SAML2Constants.ATTRIBUTE_MAP, respInfo.getAttributeMap());
    result.put(SAML2Constants.SESSION_INDEX, respInfo.getSessionIndex());
    return result;
}